11 matches found
CVE-2022-27304
The CVE-2022-27304 entry applies to Student Grading System v1.0 and describes a SQL injection vulnerability in the user parameter. The vulnerability is confirmed across multiple connected sources (e.g., NVD, Red Hat and CVE registries) and is documented as a SQLi issue with the affected product. ...
CVE-2022-28024
The CVE-2022-28024 entry affects Student Grading System v1.0, with a SQL injection in the web parameter rms.php?page=grade. Root cause: unsanitized input leading to SQLi. Impact (per sources): confidentiality, integrity, and availability are all at risk (P/H). CVSS vectors indicate high/critical ...
CVE-2022-28025
The CVE-2022-28025 entry applies to Student Grading System v1.0, with a SQL injection vulnerability exploitable via the parameter in /student-grading-system/rms.php?page=school_year. The public record consistently identifies the flaw as an input handling issue that allows SQL commands to be inje...
CVE-2022-28026
The CVE-2022-28026 entry describes a SQL injection in Student Grading System v1.0, exploitable via /student-grading-system/rms.php?page=student_p&id=. The issue is caused by unsanitized user input in the parameter, enabling unauthorized SQL commands and potential data exposure. CVSS details from ...
CVE-2025-10407
CVE-2025-10407 affects SourceCodester Student Grading System 1.0. The vulnerability is a SQL injection in the file /view_user.php caused by manipulation of the ID parameter, enabling remote exploitation. Public exploits exist. Impact/mitigation details in connected docs indicate no formal patch/v...
CVE-2025-10418
CVE-2025-10418 affects SourceCodester Student Grading System 1.0. The vulnerability lies in /view_students.php where manipulation of the ID parameter causes SQL injection. Exploitation can be performed remotely and publicly available exploit code exists. Impact is high for confidentiality, integr...
CVE-2025-10421
The CVE-2025-10421 entry concerns SourceCodester Student Grading System 1.0. Affected component: the file /update_account.php. Root cause: manipulation of the ID parameter enables SQL injection, with remote exploitation possible and an exploit published. Impact is consistent with the vulnerabilit...
CVE-2025-10408
SourceCodester Student Grading System 1.0 has a SQL injection in /edit_user.php triggered by manipulating the ID parameter. The issue is exploitable remotely and an exploit is publicly available. Multiple feeds corroborate this vulnerability; remediation guidance in related advisories suggests sa...
CVE-2025-10409
CVE-2025-10409 concerns a SQL injection vulnerability in SourceCodester Student Grading System 1.0, arising from manipulation of the fname parameter in /rms.php?page=users. The flaw allows remote attackers to execute arbitrary SQL; exploitation is public and the attack surface includes the affect...
CVE-2025-10420
CVE-2025-10420 affects SourceCodester Student Grading System 1.0; the vulnerability stems from manipulation of the ID parameter in /form137.php, enabling SQL injection. The issue is remote and the exploit is public, as reported across multiple sources. Root cause: unsafely constructed SQL queries usin...
CVE-2025-10419
The CVE-2025-10419 entry concerns SourceCodester Student Grading System 1.0, with a SQL injection in the /del_promote.php endpoint (and variants like /del promote.php). Multiple connected sources confirm remote exploitation and a publicly disclosed exploit. The vulnerability stems from how the sy p...