LAN Management System
CVEs (87)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63527 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject… | |||
| CVE-2025-63447 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. | |||
| CVE-2025-63443 | 0.00 | — | 0.00 | Nov 3, 2025 | School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. | |||
| CVE-2025-63446 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. | |||
| CVE-2025-63448 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. | |||
| CVE-2023-44755 | 0.00 | — | 0.00 | Apr 22, 2025 | Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | |||
| CVE-2025-29456 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | |||
| CVE-2025-29454 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||
| CVE-2025-29453 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||
| CVE-2025-29455 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function. | |||
| CVE-2024-48245 | 0.00 | — | 0.01 | Jan 7, 2025 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment… | |||
| CVE-2024-48570 | 0.00 | — | 0.01 | Oct 22, 2024 | Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | |||
| CVE-2024-42569 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | |||
| CVE-2024-42575 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | |||
| CVE-2024-42567 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | |||
| CVE-2024-42574 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | |||
| CVE-2024-42571 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | |||
| CVE-2024-42572 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | |||
| CVE-2024-33994 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'. | |||
| CVE-2024-33988 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance',… |
- CVE-2025-63527Dec 1, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…
- CVE-2025-63447Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
- CVE-2025-63443Nov 3, 2025risk 0.00cvss —epss 0.00
School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
- CVE-2025-63446Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
- CVE-2025-63448Nov 3, 2025risk 0.00cvss —epss 0.00
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
- CVE-2023-44755Apr 22, 2025risk 0.00cvss —epss 0.00
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.
- CVE-2025-29456Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.
- CVE-2025-29454Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.
- CVE-2025-29453Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.
- CVE-2025-29455Apr 17, 2025risk 0.00cvss —epss 0.00
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.
- CVE-2024-48245Jan 7, 2025risk 0.00cvss —epss 0.01
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment…
- CVE-2024-48570Oct 22, 2024risk 0.00cvss —epss 0.01
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
- CVE-2024-42569Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
- CVE-2024-42575Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
- CVE-2024-42567Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
- CVE-2024-42574Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
- CVE-2024-42571Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
- CVE-2024-42572Aug 20, 2024risk 0.00cvss —epss 0.01
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
- CVE-2024-33994Aug 6, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.
- CVE-2024-33988Aug 6, 2024risk 0.00cvss —epss 0.00
Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance',…
Page 4 of 5