CVE-2021-28424
https://notcve.org/view.php?id=CVE-2021-28424
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated
https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html
https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql
https://www.exploit-db.com/exploits/50019
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28423
https://notcve.org/view.php?id=CVE-2021-28423
Multiple SQL injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated
https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html
https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql
https://www.exploit-db.com/exploits/50018
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-26822
https://notcve.org/view.php?id=CVE-2021-26822
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in the 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822
https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql
https://www.exploit-db.com/exploits/49562
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')