3 matches found
CVE-2018-18795
CVE-2018-18795 corresponds to a SQL Injection vulnerability in School Event Management System 1.0. The flaw is triggered via the id parameter in the pages student/index.php and event/index.php, allowing an attacker to manipulate the backend database. Connected sources corroborate the same descrip...
CVE-2018-18793
CVE-2018-18793 affects School Event Management System 1.0. The vulnerability is an Arbitrary File Upload through the endpoint event/controller.php?action=photos, enabling uploading of arbitrary files via the photos handler. Public exploits and shell-upload references exist (Exploit-DB, PacketStor...
CVE-2018-18794
The CVE-2018-18794 entry corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in School Event Management System 1.0. Public documents detail CSRF via user/controller.php?action=edit and related admin-update flows. Exploitation evidence shows abuse of session state (checking ACCOUNT_ID...