Student Information System
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5008 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2023 | Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | ||
| CVE-2023-4122 | Cri | 0.64 | 9.9 | 0.01 | Dec 7, 2023 | Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||
| CVE-2023-5011 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2023 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | ||
| CVE-2023-5010 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2023 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. | ||
| CVE-2022-1819 | Low | 0.16 | 2.4 | 0.01 | May 24, 2022 | A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input leads to authenticated cross site scripting. Exploit details… |
- risk 0.64cvss 9.8epss 0.01
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.
- risk 0.64cvss 9.9epss 0.01
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
- risk 0.57cvss 8.8epss 0.01
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
- risk 0.57cvss 8.8epss 0.01
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.
- risk 0.16cvss 2.4epss 0.01
A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input leads to authenticated cross site scripting. Exploit details…