CVE-2023-27214
https://notcve.org/view.php?id=CVE-2023-27214
Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.
References:
https://github.com/xiumulty/CVE/blob/main/online%20student%20management%20system%20v1.0/sql%20in%20between-date-reprtsdetails.php.md
https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-1099 – SourceCodester Online Student Management System edit-class-detail.php SQL injection
https://notcve.org/view.php?id=CVE-2023-1099
A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php. The manipulation of the argument editid leads to SQL injection. The attack may be launched remotely.
References:
https://github.com/E1CHO/cve_hub/blob/main/Online%20student%20management%20system%20pdf/Online%20student%20management%20system%20sql%20vlun%201.pdf
https://vuldb.com/?ctiid.222002
https://vuldb.com/?id.222002
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-42021
https://notcve.org/view.php?id=CVE-2022-42021
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
References:
https://github.com/623085881/bug_report/blob/main/vendors/mayuri_k/Best%20Student%20Result%20Management%20System/SQLi-1.md
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-40887
https://notcve.org/view.php?id=CVE-2022-40887
SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
References:
https://github.com/toyydsBT123/One_of_my_take_on_SourceCodester/blob/main/Best-Student-Result-Management-System_1.0.poc.md
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-33371
https://notcve.org/view.php?id=CVE-2021-33371
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
References:
https://www.exploit-db.com/exploits/49865
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')