CVE-2022-28412
https://notcve.org/view.php?id=CVE-2022-28412
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-28413
https://notcve.org/view.php?id=CVE-2022-28413
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment. • https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-24572
https://notcve.org/view.php?id=CVE-2022-24572
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). The vulnerability is triggered when an admin views the registered user details. • https://github.com/nsparker1337/OpenSource/blob/main/exploit_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24571
https://notcve.org/view.php?id=CVE-2022-24571
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin access. • https://github.com/nsparker1337/OpenSource/blob/main/exploit_sql https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-24571 https://www.nu11secur1ty.com/2022/03/cve-2022-24571.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-46013
https://notcve.org/view.php?id=CVE-2021-46013
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a PHP webshell containing "<?php system($_GET["cmd"]); ?>" is uploaded, it is saved into the /uploads/exam_question/ directory and is accessible by all users. • https://www.exploit-db.com/exploits/50587 • CWE-434: Unrestricted Upload of File with Dangerous Type •