CVE-2023-2152 – SourceCodester Student Study Center Desk Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2023-2152
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/xzz0787/vul/blob/main/README.pdf
• https://vuldb.com/?ctiid.226273
• https://vuldb.com/?id.226273
• CWE-73: External Control of File Name or Path
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2023-2151 – SourceCodester Student Study Center Desk Management System manage_student.php sql injection
https://notcve.org/view.php?id=CVE-2023-2151
A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file manage_student.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/xzz0787/vul/blob/main/README.pdf
• https://vuldb.com/?ctiid.226272
• https://vuldb.com/?id.226272
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1568 – SourceCodester Student Study Center Desk Management System GET Parameter index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1568
A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/E1CHO/cve_hub/blob/main/Student%20Study%20Center%20Desk%20Management%20System/Student%20Study%20Center%20Desk%20Management%20System%20-%20vlun2.pdf
• https://vuldb.com/?ctiid.223560
• https://vuldb.com/?id.223560
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1567 – SourceCodester Student Study Center Desk Management System assign.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1567
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross-site scripting. The attack may be initiated remotely.
• https://github.com/E1CHO/cve_hub/blob/main/Student%20Study%20Center%20Desk%20Management%20System/Student%20Study%20Center%20Desk%20Management%20System%20-%20vlun1.pdf
• https://vuldb.com/?ctiid.223559
• https://vuldb.com/?id.223559
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-1563 – SourceCodester Student Study Center Desk Management System assign.php sql injection
https://notcve.org/view.php?id=CVE-2023-1563
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/E1CHO/cve_hub/blob/main/Student%20Study%20Center%20Desk%20Management%20System/Student%20Study%20Center%20Desk%20Management%20System%20-%20vlun3.pdf
• https://vuldb.com/?ctiid.223555
• https://vuldb.com/?id.223555
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')