10 matches found
CVE-2021-45865
CVE-2021-45865 concerns the SourceCodester Student Attendance Management System v1.0 and centers on the file upload feature. Multiple connected sources describe a vulnerability caused by the application’s lack of validation for uploaded files, which can be exploited to upload malicious files and ...
CVE-2022-4052
CVE-2022-4052 affects the Student Attendance Management System. The vulnerability is a SQL injection in the Id parameter of the file /Admin/createClass.php caused by unsanitized input, allowing remote exploitation. Several connected sources corroborate the problem and classify it as critical with...
CVE-2021-45866
CVE-2021-45866 affects Sourcecodester Student Attendance Management System 1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the couse field of index.php, arising from insufficient input validation/output handling. Reported across multiple feeds (NVD/CNVD/CNNVD) with CVSS-3.1 base ...
CVE-2022-4053
CVE-2022-4053 affects the Student Attendance Management System. The vulnerability is in the createClass.php file, where manipulating the className argument can trigger a cross-site scripting (XSS) flaw. The issue is exploitable remotely, and the exploit has been disclosed publicly (VDB-213846). C...
CVE-2023-41520
CVE-2023-41520 affects Student Attendance Management System v1. The vulnerability lies in createClassArms.php, where SQL injection can be introduced via the parameters classId and classArmName. Affected component is the server-side PHP script responsible for managing class arms. The CVE metrics i...
CVE-2023-41519
The CVE-2023-41519 affects Student Attendance Management System v1. The vulnerability is a cross-site scripting (XSS) flaw in the createSessionTerm.php script, exploitable via the sessionName parameter. This can allow injection of malicious scripts when a user submits a crafted sessionName, poten...
CVE-2023-41524
The CVE-2023-41524 entry concerns the Student Attendance Management System v1, which contains a SQL injection vulnerability in the username parameter of index.php. The root cause is improper handling of user-supplied input leading to unauthorized SQL execution. Impact is described as high severit...
CVE-2023-41521
CVE-2023-41521 affects Student Attendance Management System v1, which contains multiple SQL injection flaws in createSessionTerm.php reachable via the id, termId, and sessionName parameters. The reported impact is severe (CVSS v3.1 base score 8.8, high confidentiality, integrity, and availability...
CVE-2023-41523
The CVE-2023-41523 entry maps to the Student Attendance Management System v1, which contains a SQL injection in the createClassTeacher.php endpoint that reads the emailAddress parameter. The vulnerability is described as an injection flaw that can affect the application’s database queries; CVSSv3...
CVE-2023-41522
Student Attendance Management System v1 contains multiple SQL injection vulnerabilities in createStudents.php, exploitable via Id, firstname, and admissionNumber parameters due to improper input handling. CVSS v3.1 metrics indicate HIGH impact on confidentiality, integrity, and availability, with...