7 matches found
CVE-2022-30512
CVE-2022-30512 affects School Dormitory Management System 1.0. The connected data confirms a SQL injection in accounts/payment_history.php:31, enabling an attacker to read/modify data and potentially perform unauthorized admin operations. The issue is demonstrated by public Nuclei templates and a...
CVE-2022-30513
The CVE-2022-30513 entry applies to School Dormitory Management System 1.0, which contains an authenticated cross-site scripting (XSS) vulnerability in admin/inc/navigation.php:125. The Nuclei template confirms an authenticated XSS via that file location, enabling an attacker with prior access to...
CVE-2022-30514
The provided connected documents confirm a concrete vulnerability: School Dormitory Management System 1.0 has an authenticated cross-site scripting (XSS) flaw in admin/inc/navigation.php:126. Exploitation involves injecting arbitrary script that runs in an authenticated user’s browser, enabling c...
CVE-2022-30886
CVE-2022-30886 concerns a SQL injection in School Dormitory Management System v1.0, triggered via the month parameter in /dms/admin/reports/daily_collection_report.php. The vulnerability stems from unsanitized external input feeding a SQL query, enabling an attacker to potentially read/modify dat...
CVE-2022-30510
The CVE-2022-30510 entry affects the School Dormitory Management System 1.0. A concrete vulnerability is a SQL Injection in reports/daily_collection_report.php:59, caused by unsafely handling the GET parameter $_GET['month']. The Red Hat/NVD/CNVD and related records confirm this is an SQL injecti...
CVE-2022-30511
CVE-2022-30511 affects School Dormitory Management System 1.0 and is described as a SQL Injection via accounts/view_details.php:4. The vulnerability is demonstrated across multiple feeds (NVD, Red Hat, CNVD, CVE lists, and CNVD entries) as an injection in the accounts/view_details.php page, reach...
CVE-2022-4739
CVE-2022-4739 affects SourceCodester School Dormitory Management System v1.0, specifically the Admin Login component. The vulnerability enables SQL injection via an unknown function in Admin Login, with remote exploitation implied. Several connected sources corroborate a critical risk with impact...