Schools Alert Management Script
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12055 | Cri | 0.67 | 9.8 | 0.03 | Jun 8, 2018 | Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | ||
| CVE-2018-12052 | Cri | 0.67 | 9.8 | 0.05 | Jun 8, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | ||
| CVE-2018-7477 | Cri | 0.67 | 9.8 | 0.03 | Feb 28, 2018 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | ||
| CVE-2018-12051 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2018 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type. | ||
| CVE-2018-6859 | Cri | 0.64 | 9.8 | 0.02 | Feb 23, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | ||
| CVE-2018-6860 | Hig | 0.57 | 8.8 | 0.03 | Feb 12, 2018 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | ||
| CVE-2018-12054 | Hig | 0.55 | 7.5 | 0.39 | Jun 8, 2018 | Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | ||
| CVE-2018-12053 | Hig | 0.53 | 7.5 | 0.11 | Jun 8, 2018 | Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. |
- risk 0.67cvss 9.8epss 0.03
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
- risk 0.67cvss 9.8epss 0.05
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
- risk 0.64cvss 9.8epss 0.03
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
- risk 0.57cvss 8.8epss 0.03
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
- risk 0.55cvss 7.5epss 0.39
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
- risk 0.53cvss 7.5epss 0.11
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.