CVE-2022-39179 – College Management System v1.0 - Authenticated remote code execution
https://notcve.org/view.php?id=CVE-2022-39179
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using the SQL injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-39180 – College Management System v1.0 - SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2022-39180
College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands into the username and password fields in the login.php page. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-32420
https://notcve.org/view.php?id=CVE-2022-32420
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. • https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md
CVE-2022-30404
https://notcve.org/view.php?id=CVE-2022-30404
College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. • https://github.com/k0xx11/bug_report/blob/main/vendors/code-projects/College-Management-System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28079 – College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
https://notcve.org/view.php?id=CVE-2022-28079
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. College Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/50933 http://packetstormsecurity.com/files/167131/College-Management-System-1.0-SQL-Injection.html https://code-projects.org/college-management-system-in-php-with-source-code https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated https://www.nu11secur1ty.com/2022/05/cve-2022-28079.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')