Lucene search
K
Oretnom23Student Study Center Desk Management System

15 matches found

CVE
CVE
added 2023/03/22 12:31 p.m.111 views

CVE-2023-1563

Summary: CVE-2023-1563 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability lies in the file /admin/assign/assign.php , where manipulating the id parameter causes a SQL injection . The issue can be exploited remotely, and the exploit has been publicly disclose...

9.8CVSS8.3AI score0.00783EPSS
Web
CVE
CVE
added 2023/03/22 2:0 p.m.99 views

CVE-2023-1568

CVE-2023-1568 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability resides in the GET Parameter Handler for the file /admin/reports/index.php, where manipulating the date_to argument leads to cross-site scripting (XSS). It is described as exploitable remotely ...

5.4CVSS4.2AI score0.00646EPSS
Web
CVE
CVE
added 2025/04/22 12:0 a.m.81 views

CVE-2023-44752

CVE-2023-44752 affects the Student Study Center Desk Management System v1.0. A crafted GET request to /php-sscdms/admin/login.php can bypass authentication, enabling unauthorized access with total impact (confidentiality, integrity, availability = HIGH). Exploitability is network-based with low c...

9.8CVSS7.2AI score0.00622EPSS
CVE
CVE
added 2024/07/14 10:0 p.m.59 views

CVE-2024-6731

The CVE-2024-6731 entry refers to SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is a SQL injection in the file /Master.php?f=save_student triggered by manipulating the id parameter, allowing remote exploitation. Exploitation details are disclosed publicly acros...

8.8CVSS7.1AI score0.00618EPSS
CVE
CVE
added 2023/03/15 6:32 a.m.57 views

CVE-2023-1407

CVE-2023-1407 affects SourceCodester Student Study Center Desk Management System 1.0, via an SQL injection in the /admin/user/manage_user.php file where manipulating the id parameter enables remote exploitation. Several sources confirm the issue and describe the root cause as improper handling of...

7.2CVSS6.2AI score0.00713EPSS
Web
CVE
CVE
added 2024/07/17 3:31 a.m.55 views

CVE-2024-6807

CVE-2024-6807 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability exists in the HTTP POST handler at /sscdms/classes/Users.php?f=save, where manipulating the arguments firstname, middlename, lastname, or username triggers a cross-site scripting (XSS) flaw. Th...

4.8CVSS3.7AI score0.00742EPSS
Web
CVE
CVE
added 2024/07/14 10:31 p.m.54 views

CVE-2024-6732

CVE-2024-6732 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is in the /sscdms/classes/Users.php?f=save path, where manipulation of the id parameter enables SQL injection. Exploitation is remote and public/exploitable disclosures exist. Product is affect...

8.8CVSS7.1AI score0.00618EPSS
Web
CVE
CVE
added 2023/03/17 11:45 a.m.52 views

CVE-2023-1466

CVE-2023-1466 affects SourceCodester Student Study Center Desk Management System v1.0. The vulnerability is a SQL injection in the admin/?page=students/view_student endpoint, triggered by manipulating the id parameter (example payload: 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='...

9.8CVSS8.3AI score0.00541EPSS
Web
CVE
CVE
added 2023/04/18 1:0 p.m.52 views

CVE-2023-2151

SourceCodester Student Study Center Desk Management System 1.0 contains a SQL injection vulnerability in manage_student.php triggered by manipulating the id parameter. The issue allows remote exploitation; multiple sources (NVD, Red Hat, CVE lists, PRION) corroborate the vulnerability and market ...

9.8CVSS8.3AI score0.00766EPSS
CVE
CVE
added 2023/03/17 11:45 a.m.51 views

CVE-2023-1467

CVE-2023-1467 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability resides in the POST Parameter Handler, specifically Master.php?f=delete_img, where manipulating the path argument (e.g., C%3A%2Ffoo.txt) enables path traversal. The issue is exploitable remotel...

9.8CVSS8.2AI score0.01083EPSS
CVE
CVE
added 2023/08/23 12:0 a.m.51 views

CVE-2023-36317

CVE-2023-36317 affects sourcecodester Student Study Center Desk Management System 1.0. It is a Cross Site Scripting (XSS) vulnerability exploitable via a crafted GET request to the web application URL that could allow arbitrary code execution in the user’s browser/session. Documents do not provid...

4.8CVSS5AI score0.00507EPSS
CVE
CVE
added 2023/03/17 11:45 a.m.50 views

CVE-2023-1468

CVE-2023-1468 affects SourceCodester Student Study Center Desk Management System 1.0, specifically the Report Handler component in admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17. The vulnerability is an SQL injection caused by manipulating the date_from/date_to arguments, with remote...

9.8CVSS7.4AI score0.00541EPSS
Web
CVE
CVE
added 2023/03/22 1:31 p.m.50 views

CVE-2023-1567

The CVE-2023-1567 entry concerns SourceCodester Student Study Center Desk Management System 1.0, where the /admin/assign/assign.php script is affected. The vulnerability arises from manipulation of the sid parameter, leading to cross-site scripting (XSS). The issue can be triggered remotely, and ...

6.1CVSS4.8AI score0.00587EPSS
Web
CVE
CVE
added 2023/05/18 12:0 a.m.50 views

CVE-2023-29985

CVE-2023-29985 affects Sourcecodester Student Study Center Desk Management System v1.0. The adminreportsindex.php#date_from endpoint is vulnerable to SQL Injection due to lack of validation of externally supplied SQL statements, enabling potential exposure of sensitive database data. The CVSS v3....

9.8CVSS9.8AI score0.00877EPSS
CVE
CVE
added 2023/04/18 1:31 p.m.40 views

CVE-2023-2152

CVE-2023-2152 affects SourceCodester Student Study Center Desk Management System 1.0. The vulnerability is an unauthenticated file inclusion in the index.php file caused by manipulation of the page argument, allowing remote exploitation. Multiple sources confirm impact to an unknown functionality...

9.8CVSS6.5AI score0.01159EPSS