5 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-2.md https://vuldb.com/?ctiid.272616 https://vuldb.com/?id.272616 https://vuldb.com/?submit.380384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.272615 https://vuldb.com/?ctiid.272615 https://vuldb.com/?submit.380383 https://github.com/DeepMountains/Mirage/blob/main/CVE7-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-6.md https://vuldb.com/?ctiid.272613 https://vuldb.com/?id.272613 https://vuldb.com/?submit.380387 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-5.md https://vuldb.com/?ctiid.272612 https://vuldb.com/?id.272612 https://vuldb.com/?submit.380386 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE7-4.md https://vuldb.com/?ctiid.272611 https://vuldb.com/?id.272611 https://vuldb.com/?submit.380385 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •