CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2022 — College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that I mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2022 — College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands into the username and password fields in the login.php page. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 40% • CPEs: 1 • EXPL: 1

01 Jul 2022 — College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. • https://github.com/rainb0w-q/bug_report/blob/main/vendors/itsourcecode.com/college-management-system/RCE-1.md

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2022 — College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. • https://github.com/k0xx11/bug_report/blob/main/vendors/code-projects/College-Management-System/SQLi-1.md. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 85% • CPEs: 1 • EXPL: 4

05 May 2022 — College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. College Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/167131 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Apr 2022 — A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text fields. • https://github.com/nsparker1337/OpenSource/blob/main/exploit_xss_cwms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2022 — A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(select(sleep(10)))Avx) and 'abc' = 'abc with an unknown input leads to SQL injection. • https://vuldb.com/?id.194856 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2022 — A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross-site scripting. The attack may be launched remotely and requires authentication. • https://vuldb.com/?id.194846 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 May 2021 — A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. • https://github.com/olotieno/College-Management-System-Php • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 May 2021 — Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. • https://github.com/olotieno/College-Management-System-Php/tree/master/College-Management-System%20in%20Php_5.5/College-Management-System%20in%20Php_5.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')