
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.
• https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf
• https://vuldb.com/?ctiid.230567
• https://vuldb.com/?id.230567
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross-site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.
• https://github.com/hotencode/CveHub/blob/main/agricultural%20school%20management%20system%20has%20cross-site%20script%20vulnerability.pdf
• https://vuldb.com/?ctiid.230566
• https://vuldb.com/?id.230566
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to SQL injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216775.
• https://vuldb.com/?ctiid.216775
• https://vuldb.com/?id.216775
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
• https://github.com/G37SYS73M/CVE-2022-36193
• https://github.com/G37SYS73M/Advisory_G37SYS73M/blob/main/CVE-2022-36193/POC.md
• https://github.com/lahirudanushka/School-Management-System---PHP-MySQL
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.
• https://github.com/wencongzhao/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')