CVE-2023-33569
https://notcve.org/view.php?id=CVE-2023-33569
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user.
https://github.com/Cr4at0r/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-2962 – SourceCodester Faculty Evaluation System sql injection
https://notcve.org/view.php?id=CVE-2023-2962
A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.
https://github.com/JinYunlei/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md
https://vuldb.com/?ctiid.230150
https://vuldb.com/?id.230150
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33439
https://notcve.org/view.php?id=CVE-2023-33439
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33440 – Faculty Evaluation System 1.0 - Unauthenticated File Upload
https://notcve.org/view.php?id=CVE-2023-33440
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. Faculty Evaluation System version 1.0 suffers from a remote shell upload vulnerability.
https://www.exploit-db.com/exploits/51495
http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html
https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md
CVE-2023-31843
https://notcve.org/view.php?id=CVE-2023-31843
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.
https://github.com/acmglz/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')