CVE-2024-4514 – Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4514
06 May 2024 — A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4513 – Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4513
06 May 2024 — A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33407
https://notcve.org/view.php?id=CVE-2024-33407
06 May 2024 — SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33408
https://notcve.org/view.php?id=CVE-2024-33408
06 May 2024 — A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33406
https://notcve.org/view.php?id=CVE-2024-33406
06 May 2024 — SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33410
https://notcve.org/view.php?id=CVE-2024-33410
06 May 2024 — SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33405
https://notcve.org/view.php?id=CVE-2024-33405
06 May 2024 — SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the friend_index parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-33411
https://notcve.org/view.php?id=CVE-2024-33411
06 May 2024 — A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3719 – Campcodes House Rental Management System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-3719
13 Apr 2024 — A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%205.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3698 – Campcodes House Rental Management System manage_payment.php sql injection
https://notcve.org/view.php?id=CVE-2024-3698
12 Apr 2024 — A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. • https://github.com/E1CHO/cve_hub/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20vuln%204.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')