CVE-2018-18798 – School Attendance Monitoring System 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-18798
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. • https://www.exploit-db.com/exploits/45727 http://packetstormsecurity.com/files/150010/School-Attendance-Monitoring-System-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18799 – School Attendance Monitoring System 1.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-18799
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. School Attendance Monitoring System version 1.0 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/45726 http://packetstormsecurity.com/files/150009/School-Attendance-Monitoring-System-1.0-Shell-Upload.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-18797 – School Attendance Monitoring System 1.0 - Cross-Site Request Forgery (Update Admin)
https://notcve.org/view.php?id=CVE-2018-18797
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php. School Attendance Monitoring System version 1.0 suffers from a cross-site request forgery vulnerability. • https://www.exploit-db.com/exploits/45725 http://packetstormsecurity.com/files/150008/School-Attendance-Monitoring-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF)