CVE-2024-34240
QDOCS Smart School 7.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in admin functions related to adding or updating records, which is described as enabling arbitrary code execution. The issue is consistently reported across multiple sources (Red Hat, NVD/CNNVD/CVE record, CVE enri...
CVE-2024-8784
CVE-2024-8784 affects QDocs Smart School Management System 7.0.0, specifically the Chat component at /user/chat/mynewuser. The vulnerability arises from manipulation of the POST parameter users[] that leads to SQL injection (exploitation described as remote). Publicly disclosed exploit exists; im...
CVE-2023-5495
CVE-2023-5495 affects QDocs Smart School 6.4.1. The vulnerability is a SQL injection in the HTTP POST Request Handler, triggered by manipulating the POST parameters searchdata[0][title], searchdata[0][searchfield], and searchdata[0][searchvalue] sent to /course/filterRecords/. Root cause: input d...
CVE-2025-41107
The CVE-2025-41107 entry describes a Stored XSS in Smart School 7.0 caused by insufficient validation of user input in a POST to /online_admission, affecting fields such as firstname, lastname, guardian_name, etc. The issue could allow a remote attacker to craft input that is processed by an auth...
CVE-2025-60500
QDocs Smart School Management System 7.1 contains a logic flaw in the media upload feature that lets authenticated users with roles such as accountant or admin bypass file type restrictions by abusing the alternate YouTube URL option. This enables uploading arbitrary PHP files that are stored in ...