CVE-2022-40087
CVE-2022-40087 affects Simple College Website v1.0 and describes an arbitrary file write vulnerability in PHP via file_put_contents(), enabling arbitrary code execution through a crafted PHP file. The issue stems from unsafe file write behavior in the application and is documented across multiple...
CVE-2022-40088
CVE-2022-40088 affects Simple College Website v1.0 and describes a reflected XSS vulnerability in the page parameter of /college_website/index.php?page=. The root cause is input reflected back into the page, enabling arbitrary web-script/HTML execution when a crafted payload is submitted. The N...
CVE-2022-40089
The CVE-2022-40089 entry concerns Simple College Website v1.0 vulnerable to Remote File Inclusion (RFI) via a crafted PHP file when allow_url_include is On. Affected component: the Simple College Website application; root cause: RFI enabling arbitrary code execution. Impact stated in sources: rem...
CVE-2021-44593
The CVE-2021-44593 entry concerns Simple College Website 1.0, vulnerable to an unauthenticated UNION-based SQL injection in the username parameter of /admin/login.php, which can be leveraged to upload files and achieve remote code execution. Public references include a GitHub exploit repo that de...
CVE-2021-26232
The CVE-2021-26232 entry concerns SourceCodester Simple College Website v1.0. The vulnerability is a SQL injection in News.php via the id parameter, enabling remote attackers to execute arbitrary SQL statements. Affected software: SourceCodester Simple College Website (CMS) v1.0; vulnerable compo...