Community Project Scholars Tracking System
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24101 | | Cri | 0.64 | 9.8 | 0.00 | | Mar 12, 2024 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. |
| CVE-2024-24093 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 12, 2024 | SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. |
| CVE-2024-24098 | | Hig | 0.51 | 7.8 | 0.00 | | Mar 5, 2024 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed. |
| CVE-2025-14951 | | Hig | 0.47 | 7.3 | 0.00 | | Dec 19, 2025 | A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit… |
| CVE-2025-14950 | | Hig | 0.47 | 7.3 | 0.00 | | Dec 19, 2025 | A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been… |
| CVE-2025-14940 | | Hig | 0.47 | 7.3 | 0.00 | | Dec 19, 2025 | A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit… |
| CVE-2024-24097 | | Med | 0.35 | 5.4 | 0.00 | | Mar 12, 2024 | Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. |
| CVE-2024-24099 | | Med | 0.35 | 5.4 | 0.00 | | Feb 27, 2024 | Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update. |
| CVE-2025-70152 | | | 0.00 | — | 0.00 | | Feb 18, 2026 | code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters… |
| CVE-2025-70151 | | | 0.00 | — | 0.01 | | Feb 18, 2026 | code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the… |