Computer Laboratory Management System
by Oretnom23
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3770 | Med | 0.28 | 4.3 | 0.00 | Mar 8, 2026 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||
| CVE-2025-45956 | 0.00 | — | 0.00 | Apr 29, 2025 | A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter | |||
| CVE-2025-0342 | 0.00 | — | 0.00 | Jan 9, 2025 | A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate… | |||
| CVE-2025-0341 | 0.00 | — | 0.00 | Jan 9, 2025 | A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The… | |||
| CVE-2024-54818 | 0.00 | — | 0.01 | Jan 8, 2025 | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | |||
| CVE-2024-8348 | 0.00 | — | 0.01 | Aug 30, 2024 | A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to… | |||
| CVE-2024-8347 | 0.00 | — | 0.01 | Aug 30, 2024 | A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection.… | |||
| CVE-2024-8346 | 0.00 | — | 0.01 | Aug 30, 2024 | A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql… | |||
| CVE-2024-41332 | 0.00 | — | 0.01 | Aug 9, 2024 | Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | |||
| CVE-2024-34480 | 0.00 | — | 0.01 | Aug 7, 2024 | SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | |||
| CVE-2024-34479 | 0.00 | — | 0.01 | Aug 7, 2024 | SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | |||
| CVE-2024-6802 | 0.00 | — | 0.10 | Jul 17, 2024 | A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible… | |||
| CVE-2024-31586 | 0.00 | — | 0.00 | Jun 20, 2024 | A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. | |||
| CVE-2024-35583 | 0.00 | — | 0.00 | May 28, 2024 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | |||
| CVE-2024-35581 | 0.00 | — | 0.00 | May 28, 2024 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | |||
| CVE-2024-35582 | 0.00 | — | 0.00 | May 28, 2024 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | |||
| CVE-2024-34231 | 0.00 | — | 0.00 | May 13, 2024 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | |||
| CVE-2024-34230 | 0.00 | — | 0.00 | May 13, 2024 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | |||
| CVE-2024-34225 | 0.00 | — | 0.01 | May 13, 2024 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | |||
| CVE-2024-34224 | 0.00 | — | 0.01 | May 13, 2024 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters. |
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
- CVE-2025-45956Apr 29, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter
- CVE-2025-0342Jan 9, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate…
- CVE-2025-0341Jan 9, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The…
- CVE-2024-54818Jan 8, 2025risk 0.00cvss —epss 0.01
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.
- CVE-2024-8348Aug 30, 2024risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to…
- CVE-2024-8347Aug 30, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection.…
- CVE-2024-8346Aug 30, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql…
- CVE-2024-41332Aug 9, 2024risk 0.00cvss —epss 0.01
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
- CVE-2024-34480Aug 7, 2024risk 0.00cvss —epss 0.01
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.
- CVE-2024-34479Aug 7, 2024risk 0.00cvss —epss 0.01
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.
- CVE-2024-6802Jul 17, 2024risk 0.00cvss —epss 0.10
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to sql injection. It is possible…
- CVE-2024-31586Jun 20, 2024risk 0.00cvss —epss 0.00
A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.
- CVE-2024-35583May 28, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.
- CVE-2024-35581May 28, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.
- CVE-2024-35582May 28, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.
- CVE-2024-34231May 13, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
- CVE-2024-34230May 13, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter.
- CVE-2024-34225May 13, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.
- CVE-2024-34224May 13, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.
Page 1 of 2