
CVE-2025-4912 – SourceCodester Student Result Management System Image File update_student.php path traversal
https://notcve.org/view.php?id=CVE-2025-4912
19 May 2025 — A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-of-update_student-in-SRMS-1-0-1f5c693918ed8047ad31d03c6034b4f6
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-4898 – SourceCodester Student Result Management System Logo File update_system.php unlink path traversal
https://notcve.org/view.php?id=CVE-2025-4898
18 May 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely.
• https://magnificent-dill-351.notion.site/Arbitrary-File-Delete-in-SRMS-1-0-1f4c693918ed80de80b0e7925ddbdadc
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-4720 – SourceCodester Student Result Management System drop_student.php path traversal
https://notcve.org/view.php?id=CVE-2025-4720
15 May 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely.
• https://github.com/Xiaoyi-ing/CVE/issues/4
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2023-48722 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-48722
21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/gilels
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-48720 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-48720
21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/gilels
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-48718 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-48718
21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/gilels
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-48716 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-48716
21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.
• https://fluidattacks.com/advisories/gilels
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-35270
https://notcve.org/view.php?id=CVE-2020-35270
25 Jan 2021 — Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
• https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')