15 matches found
CVE-2023-1563
Summary: CVE-2023-1563 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability lies in the file /admin/assign/assign.php , where manipulating the id parameter causes a SQL injection . The issue can be exploited remotely, and the exploit has been publicly disclose...
CVE-2023-1568
CVE-2023-1568 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability resides in the GET Parameter Handler for the file /admin/reports/index.php, where manipulating the date_to argument leads to cross-site scripting (XSS). It is described as exploitable remotely ...
CVE-2023-44752
CVE-2023-44752 affects the Student Study Center Desk Management System v1.0. A crafted GET request to /php-sscdms/admin/login.php can bypass authentication, enabling unauthorized access with total impact (confidentiality, integrity, availability = HIGH). Exploitability is network-based with low c...
CVE-2024-6731
The CVE-2024-6731 entry refers to SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is a SQL injection in the file /Master.php?f=save_student triggered by manipulating the id parameter, allowing remote exploitation. Exploitation details are disclosed publicly acros...
CVE-2023-1407
CVE-2023-1407 affects SourceCodester Student Study Center Desk Management System 1.0, via an SQL injection in the /admin/user/manage_user.php file where manipulating the id parameter enables remote exploitation. Several sources confirm the issue and describe the root cause as improper handling of...
CVE-2024-6807
CVE-2024-6807 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability exists in the HTTP POST handler at /sscdms/classes/Users.php?f=save, where manipulating the arguments firstname, middlename, lastname, or username triggers a cross-site scripting (XSS) flaw. Th...
CVE-2024-6732
CVE-2024-6732 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is in the /sscdms/classes/Users.php?f=save path, where manipulation of the id parameter enables SQL injection. Exploitation is remote and public/exploitable disclosures exist. Product is affect...
CVE-2023-1466
CVE-2023-1466 affects SourceCodester Student Study Center Desk Management System v1.0. The vulnerability is a SQL injection in the admin/?page=students/view_student endpoint, triggered by manipulating the id parameter (example payload: 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='...
CVE-2023-2151
SourceCodester Student Study Center Desk Management System 1.0 contains a SQL injection vulnerability in manage_student.php triggered by manipulating the id parameter. The issue allows remote exploitation; multiple sources (NVD, Red Hat, CVE lists, PRION) corroborate the vulnerability and market ...
CVE-2023-1467
CVE-2023-1467 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability resides in the POST Parameter Handler, specifically Master.php?f=delete_img, where manipulating the path argument (e.g., C%3A%2Ffoo.txt) enables path traversal. The issue is exploitable remotel...
CVE-2023-36317
CVE-2023-36317 affects sourcecodester Student Study Center Desk Management System 1.0. It is a Cross Site Scripting (XSS) vulnerability exploitable via a crafted GET request to the web application URL that could allow arbitrary code execution in the user’s browser/session. Documents do not provid...
CVE-2023-1468
CVE-2023-1468 affects SourceCodester Student Study Center Desk Management System 1.0, specifically the Report Handler component in admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17. The vulnerability is an SQL injection caused by manipulating the date_from/date_to arguments, with remote...
CVE-2023-1567
The CVE-2023-1567 entry concerns SourceCodester Student Study Center Desk Management System 1.0, where the /admin/assign/assign.php script is affected. The vulnerability arises from manipulation of the sid parameter, leading to cross-site scripting (XSS). The issue can be triggered remotely, and ...
CVE-2023-29985
CVE-2023-29985 affects Sourcecodester Student Study Center Desk Management System v1.0. The adminreportsindex.php#date_from endpoint is vulnerable to SQL Injection due to lack of validation of externally supplied SQL statements, enabling potential exposure of sensitive database data. The CVSS v3....
CVE-2023-2152
CVE-2023-2152 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is an unauthenticated file inclusion in the index.php file caused by manipulation of the page argument, allowing remote exploitation. Multiple sources confirm impact to an unknown functionality...