CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4516 – Campcodes Complete Web-Based School Management System timetable.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4516
06 May 2024 — A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4515 – Campcodes Complete Web-Based School Management System timetable_grade_wise.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4515
06 May 2024 — A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%203.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4514 – Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4514
06 May 2024 — A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%202.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4513 – Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-4513
06 May 2024 — A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%201.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33407
https://notcve.org/view.php?id=CVE-2024-33407
06 May 2024 — SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en /model/delete_record.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro id. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%206.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33408
https://notcve.org/view.php?id=CVE-2024-33408
06 May 2024 — A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Una vulnerabilidad de inyección SQL en /model/get_classroom.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro id. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33406
https://notcve.org/view.php?id=CVE-2024-33406
06 May 2024 — SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter. Vulnerabilidad de inyección SQL en /model/delete_student_grade_subject.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro index. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33410
https://notcve.org/view.php?id=CVE-2024-33410
06 May 2024 — SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en /model/delete_range_grade.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro id. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%205.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33405
https://notcve.org/view.php?id=CVE-2024-33405
06 May 2024 — SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. Vulnerabilidad de inyección SQL en add_friends.php en campcodes Complete Web-Based School Management System 1.0 permite al atacante ejecutar comandos SQL arbitrarios a través del parámetro friend_index. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33411
https://notcve.org/view.php?id=CVE-2024-33411
06 May 2024 — A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. Una vulnerabilidad de inyección SQL en /model/get_admin_profile.php en Campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a través del parámetro my_index. • https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2010.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •