CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46502
https://notcve.org/view.php?id=CVE-2022-46502
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. Se descubrió que Online Student Enrollment System v1.0 contiene una vulnerabilidad de inyección SQL a través del parámetro de nombre de usuario en /student_enrollment/admin/login.php. • https://github.com/snowingllll/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46503
https://notcve.org/view.php?id=CVE-2022-46503
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. Una vulnerabilidad de cross site scripting (XSS) en el componente /admin/register.php de la aplicación Online Student Enrollment Sstem v1.0, lo que permite a los atacantes ejecutar scripts arbitrarios a través de un payload manipulado inyectado en el parámetro "nombre". • https://github.com/mkwsj007/bug_report/blob/main/vendors/donbermoy/Online%20Student%20Enrollment%20System/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •