CVE-2024-4801 – Kashipara College Management System submit_new_faculty.php SQL injection
https://notcve.org/view.php?id=CVE-2024-4801
12 May 2024 — A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/College%20Management%20System/College%20Management%20System%20-%20vuln%204.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4800 – Kashipara College Management System submit_student.php SQL injection
https://notcve.org/view.php?id=CVE-2024-4800
12 May 2024 — A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/College%20Management%20System/College%20Management%20System%20-%20vuln%203.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-4799 – Kashipara College Management System view_each_faculty.php SQL injection
https://notcve.org/view.php?id=CVE-2024-4799
12 May 2024 — A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/College%20Management%20System/College%20Management%20System%20-%20vuln%202.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-39179 – College Management System v1.0 - Authenticated remote code execution
https://notcve.org/view.php?id=CVE-2022-39179
17 Nov 2022 — College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-39180 – College Management System v1.0 - SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2022-39180
17 Nov 2022 — College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands into the username and password fields in the login.php page. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32420
https://notcve.org/view.php?id=CVE-2022-32420
01 Jul 2022 — College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. • https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md
CVE-2022-30404
https://notcve.org/view.php?id=CVE-2022-30404
13 May 2022 — College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. • https://github.com/k0xx11/bug_report/blob/main/vendors/code-projects/College-Management-System/SQLi-1.md. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28079 – College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2022-28079
05 May 2022 — College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. College Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/167131 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-25408
https://notcve.org/view.php?id=CVE-2020-25408
24 May 2021 — A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. • https://github.com/olotieno/College-Management-System-Php • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-25409
https://notcve.org/view.php?id=CVE-2020-25409
24 May 2021 — Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. • https://github.com/olotieno/College-Management-System-Php/tree/master/College-Management-System%20in%20Php_5.5/College-Management-System%20in%20Php_5.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')