Student Attendance Management System
by Student Attendance Management System
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51801 | Cri | 0.64 | 9.8 | 0.01 | Feb 29, 2024 | SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | ||
| CVE-2023-27214 | Cri | 0.64 | 9.8 | 0.01 | Mar 9, 2023 | Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | ||
| CVE-2023-41524 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. | ||
| CVE-2023-41523 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. | ||
| CVE-2023-41522 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. | ||
| CVE-2023-41521 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. | ||
| CVE-2023-41520 | Hig | 0.57 | 8.8 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters. | ||
| CVE-2023-41519 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2025 | Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php. | ||
| CVE-2023-51802 | Med | 0.40 | 6.1 | 0.01 | Feb 29, 2024 | Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component. | ||
| CVE-2021-33371 | Med | 0.35 | 5.4 | 0.01 | Jul 28, 2022 | A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | ||
| CVE-2023-41616 | Med | 0.31 | 4.8 | 0.00 | Sep 21, 2023 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload. | ||
| CVE-2022-4052 | Med | 0.31 | 4.7 | 0.01 | Nov 17, 2022 | A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The… | ||
| CVE-2022-4053 | Low | 0.16 | 2.4 | 0.00 | Nov 17, 2022 | A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack… |
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages.
- risk 0.64cvss 9.8epss 0.01
Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.
- risk 0.57cvss 8.8epss 0.00
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
- risk 0.57cvss 8.8epss 0.00
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
- risk 0.57cvss 8.8epss 0.00
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
- risk 0.57cvss 8.8epss 0.00
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
- risk 0.57cvss 8.8epss 0.00
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
- risk 0.40cvss 6.1epss 0.00
Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component.
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
- risk 0.31cvss 4.8epss 0.00
A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload.
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack…