LAN Management System
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63535 | 0.00 | — | 0.00 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an… | |||
| CVE-2025-63531 | 0.00 | — | 0.01 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and… | |||
| CVE-2025-63448 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. | |||
| CVE-2025-63443 | 0.00 | — | 0.00 | Nov 3, 2025 | School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. | |||
| CVE-2025-63447 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. | |||
| CVE-2025-63446 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. | |||
| CVE-2023-44755 | 0.00 | — | 0.00 | Apr 22, 2025 | Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | |||
| CVE-2025-29455 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | |||
| CVE-2025-29456 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | |||
| CVE-2025-29453 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||
| CVE-2025-29454 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||
| CVE-2024-48245 | 0.00 | — | 0.01 | Jan 7, 2025 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment… | |||
| CVE-2024-48570 | 0.00 | — | 0.01 | Oct 22, 2024 | Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | |||
| CVE-2024-42569 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | |||
| CVE-2024-42572 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | |||
| CVE-2024-42571 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | |||
| CVE-2024-42574 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | |||
| CVE-2024-42575 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | |||
| CVE-2024-42567 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | |||
| CVE-2024-33994 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'. |
- CVE-2025-63535Dec 1, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an…
- CVE-2025-63531Dec 1, 2025risk 0.00cvss —epss 0.01
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…
- CVE-2025-63448Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
- CVE-2025-63443Nov 3, 2025risk 0.00cvss —epss 0.00
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
- CVE-2025-63447Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
- CVE-2025-63446Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
- CVE-2023-44755Apr 22, 2025risk 0.00cvss —epss 0.00
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.
- CVE-2025-29455Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.
- CVE-2025-29456Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.
- CVE-2025-29453Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.
- CVE-2025-29454Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.
- CVE-2024-48245Jan 7, 2025risk 0.00cvss —epss 0.01
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment…
- CVE-2024-48570Oct 22, 2024risk 0.00cvss —epss 0.01
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
- CVE-2024-42569Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
- CVE-2024-42572Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
- CVE-2024-42571Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
- CVE-2024-42574Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
- CVE-2024-42575Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
- CVE-2024-42567Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
- CVE-2024-33994Aug 6, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.
Page 2 of 5