CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25408
https://notcve.org/view.php?id=CVE-2020-25408
A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en ProjectWorlds College Management System Php versión 1.0, que permite a un atacante remoto modificar, eliminar o realizar una nueva entrada de datos de estudiantes, profesores, asignaturas, puntuaciones, ubicación y artículos • https://github.com/olotieno/College-Management-System-Php https://nikhilkumar01.medium.com/cve-2020-25408-97eb7bcc23a6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25409
https://notcve.org/view.php?id=CVE-2020-25409
Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. Projectsworlds College Management System Php versión 1.0, es vulnerable a problemas de inyección SQL en parámetros múltiples • https://github.com/olotieno/College-Management-System-Php/tree/master/College-Management-System%20in%20Php_5.5/College-Management-System%20in%20Php_5.5 https://nikhilkumar01.medium.com/cve-2020-25409-5ecbe735c004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26051
https://notcve.org/view.php?id=CVE-2020-26051
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. College Management System Php versión 1.0, sufre de vulnerabilidades de inyección SQL en la página index.php de los parámetros POST "unametxt" y "pwdtxt", que no son filtradas antes de pasar una consulta SQL • https://www.exploit-db.com/exploits/48593 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •