Page 2 of 10 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/5 https://vuldb.com/?ctiid.266306 https://vuldb.com/?id.266306 https://vuldb.com/?submit.344606 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/4 https://vuldb.com/?ctiid.266305 https://vuldb.com/?id.266305 https://vuldb.com/?submit.344605 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/3 https://vuldb.com/?ctiid.266304 https://vuldb.com/?id.266304 https://vuldb.com/?submit.344603 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. Se descubrió que Online Student Enrollment System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario en /student_enrollment/admin/login.php. • https://github.com/snowingllll/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. Una vulnerabilidad de cross site scripting (XSS) en el componente /admin/register.php de la aplicación Online Student Enrollment Sstem v1.0, lo que permite a los atacantes ejecutar scripts arbitrarios a través de un payload manipulado inyectado en el parámetro "nombre". • https://github.com/mkwsj007/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •