VYPR

School Management System

by Manikandan580

Source repositories

CVEs (7)

  • CVE-2025-65133CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated or authenticated remote attacker can supply a crafted HTTP request to the affected endpoint to manipulate SQL query logic and extract sensitive database…

  • CVE-2026-6595HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id…

  • CVE-2026-37750MedApr 28, 2026
    risk 0.40cvss 6.1epss 0.00

    A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.

  • CVE-2025-65136MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

  • CVE-2025-65134MedApr 14, 2026
    risk 0.40cvss 6.1epss 0.00

    In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

  • CVE-2024-8784Sep 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input…

  • CVE-2024-25250Mar 13, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.