School Dormitory Management System
by School Dormitory Management System
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18795 | | Cri | 0.67 | 9.8 | 0.03 | | Nov 16, 2018 | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. |
| CVE-2018-18793 | | Cri | 0.67 | 9.8 | 0.10 | | Nov 16, 2018 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. |
| CVE-2022-30512 | | Cri | 0.64 | 9.8 | 0.10 | | Jun 2, 2022 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. |
| CVE-2022-30511 | | Cri | 0.64 | 9.8 | 0.04 | | Jun 2, 2022 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. |
| CVE-2022-30510 | | Cri | 0.64 | 9.8 | 0.04 | | Jun 2, 2022 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. |
| CVE-2022-30886 | | Cri | 0.64 | 9.8 | 0.02 | | May 20, 2022 | School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. |
| CVE-2018-18794 | | Hig | 0.60 | 8.8 | 0.02 | | Nov 16, 2018 | School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. |
| CVE-2023-49982 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 21, 2024 | Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. |
| CVE-2023-49983 | | Med | 0.44 | 6.8 | 0.01 | | Mar 21, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |
| CVE-2023-49985 | | Med | 0.42 | 6.5 | 0.00 | | Mar 21, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. |
| CVE-2023-49984 | | Med | 0.40 | 6.1 | 0.00 | | Mar 21, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |
| CVE-2022-30514 | | Med | 0.40 | 6.1 | 0.03 | | Jun 2, 2022 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. |
| CVE-2022-30513 | | Med | 0.40 | 6.1 | 0.03 | | Jun 2, 2022 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 |
| CVE-2022-24572 | | Med | 0.40 | 6.1 | 0.01 | | Feb 28, 2022 | Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details. |
| CVE-2023-49987 | | Med | 0.35 | 5.4 | 0.00 | | Mar 7, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. |
| CVE-2023-51800 | | Med | 0.35 | 5.4 | 0.01 | | Feb 29, 2024 | Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter,… |
| CVE-2023-49986 | | Med | 0.31 | 4.7 | 0.00 | | Mar 7, 2024 | A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. |