Page 5 of 33 results (0.015 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/College%20Management%20System/College%20Management%20System%20-%20vuln%203.pdf https://vuldb.com/?ctiid.263920 https://vuldb.com/?id.263920 https://vuldb.com/?submit.332545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/College%20Management%20System/College%20Management%20System%20-%20vuln%202.pdf https://vuldb.com/?ctiid.263919 https://vuldb.com/?id.263919 https://vuldb.com/?submit.332544 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. College Management System v1.0: ejecución remota de código autenticado. Un usuario administrador (la autenticación se puede omitir mediante la inyección SQL que mencioné en mi otro informe) puede cargar un archivo .php que contenga código malicioso a través del archivo Student.php. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page College Management System v1.0 - Inyección SQL (SQLi). Insertando comandos SQL en los campos de nombre de usuario y contraseña en la página login.php. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. Se ha detectado que College Management System versión v1.0 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del archivo /College/admin/teacher.php. Esta vulnerabilidad es explotada por medio de un archivo PHP diseñado • https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md •