College Management System V1.0
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39179 | 0.00 | — | 0.01 | Nov 17, 2022 | College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. | ||
| CVE-2022-39180 | 0.00 | — | 0.00 | Nov 17, 2022 | College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page |
- CVE-2022-39179Nov 17, 2022risk 0.00cvss —epss 0.01
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.
- CVE-2022-39180Nov 17, 2022risk 0.00cvss —epss 0.00
College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page