School Fees Payment Management System
by Campcodes
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7166 | 0.00 | — | 0.01 | Jul 28, 2024 | A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely.… | |||
| CVE-2024-7165 | 0.00 | — | 0.01 | Jul 28, 2024 | A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely.… | |||
| CVE-2024-7164 | 0.00 | — | 0.01 | Jul 28, 2024 | A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated… | |||
| CVE-2023-49987 | 0.00 | — | 0.00 | Mar 7, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. | |||
| CVE-2023-49985 | 0.00 | — | 0.00 | Mar 6, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. | |||
| CVE-2023-49983 | 0.00 | — | 0.01 | Mar 6, 2024 | A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||
| CVE-2023-49982 | 0.00 | — | 0.01 | Mar 6, 2024 | Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. | |||
| CVE-2023-49981 | 0.00 | — | 0.01 | Mar 6, 2024 | A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. |
- CVE-2024-7166Jul 28, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely.…
- CVE-2024-7165Jul 28, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely.…
- CVE-2024-7164Jul 28, 2024risk 0.00cvss —epss 0.01
A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated…
- CVE-2023-49987Mar 7, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter.
- CVE-2023-49985Mar 6, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter.
- CVE-2023-49983Mar 6, 2024risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
- CVE-2023-49982Mar 6, 2024risk 0.00cvss —epss 0.01
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts.
- CVE-2023-49981Mar 6, 2024risk 0.00cvss —epss 0.01
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization.
Page 2 of 2