Complete Web-Based School Management System
by Campcodes
CVEs (104)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33808 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-33806 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-33805 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-33801 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-33800 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | ||
| CVE-2024-33799 | Cri | 0.64 | 9.8 | 0.01 | May 28, 2024 | A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-34935 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter. | ||
| CVE-2024-34934 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter. | ||
| CVE-2024-34932 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | ||
| CVE-2024-34931 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | ||
| CVE-2024-34929 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. | ||
| CVE-2024-34927 | Cri | 0.64 | 9.8 | 0.01 | May 23, 2024 | A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. | ||
| CVE-2024-33411 | Cri | 0.64 | 9.8 | 0.01 | May 6, 2024 | A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. | ||
| CVE-2024-33409 | Cri | 0.64 | 9.8 | 0.01 | May 6, 2024 | SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. | ||
| CVE-2024-33408 | Cri | 0.64 | 9.8 | 0.01 | May 6, 2024 | A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2024-33403 | Cri | 0.64 | 9.8 | 0.01 | May 6, 2024 | A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. | ||
| CVE-2024-34936 | Hig | 0.56 | 8.6 | 0.00 | May 23, 2024 | A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter. | ||
| CVE-2024-33405 | Hig | 0.56 | 8.6 | 0.01 | May 6, 2024 | SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. | ||
| CVE-2024-33404 | Hig | 0.54 | 8.3 | 0.01 | May 6, 2024 | A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. | ||
| CVE-2024-33402 | Hig | 0.53 | 8.1 | 0.00 | May 28, 2024 | A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. |
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_subject_routing.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_student1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.
- risk 0.56cvss 8.6epss 0.00
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter.
- risk 0.56cvss 8.6epss 0.01
SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
- risk 0.54cvss 8.3epss 0.01
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
- risk 0.53cvss 8.1epss 0.00
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter.
Page 1 of 6