3 matches found
CVE-2018-18799
CVE-2018-18799 affects School Attendance Monitoring System 1.0. The vulnerability is a CSRF flaw via event/controller.php?action=photos, with exploitable upload flow leading to arbitrary file upload (and potential remote access) as shown in exploits (Exploit-DB) and CNVD-cnvd-2019-00384 descripti...
CVE-2018-18798
CVE-2018-18798 affects Attendance Monitoring System 1.0. The vulnerability is a SQL Injection via the id parameter in multiple PHP entry points (student/index.php?view=view, event/index.php?view=view, user/index.php?view=view). The issue arises from unsafely using user input in SQL queries, enabl...
CVE-2018-18797
CVE-2018-18797 affects School Attendance Monitoring System 1.0. The vulnerability is a Cross-Site Request Forgery (CSRF) via /user/user/edit.php that enables an attacker to trigger admin data updates (e.g., account fields) by forged requests. Public exploit references (Exploit-DB, PacketStorm) an...