VYPR

Student Information System

by Student Information System

CVEs (5)

  • CVE-2023-5008CriDec 8, 2023
    risk 0.64cvss 9.8epss 0.01

    Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

  • CVE-2023-4122CriDec 7, 2023
    risk 0.64cvss 9.9epss 0.01

    Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

  • CVE-2023-5011HigDec 20, 2023
    risk 0.57cvss 8.8epss 0.01

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-5010HigDec 20, 2023
    risk 0.57cvss 8.8epss 0.01

    Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2022-1819LowMay 24, 2022
    risk 0.16cvss 2.4epss 0.01

    A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input leads to authenticated cross site scripting. Exploit details…