CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jun 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. • https://github.com/Cr4at0r/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 May 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. • https://github.com/JinYunlei/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.3 • EPSS: 2% • CPEs: 1 • EXPL: 1

26 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. • https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.3 • EPSS: 2% • CPEs: 1 • EXPL: 3

26 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. Faculty Evaluation System version 1.0 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/172672 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. • https://github.com/acmglz/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. • https://github.com/acmglz/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=. • https://github.com/acmglz/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 May 2023 — Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=. • https://github.com/acmglz/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Apr 2023 — A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. • https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Apr 2023 — A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to SQL injection. • https://github.com/f0llow/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')