CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6766 – PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-6766
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_course.md https://vuldb.com/?ctiid.247896 https://vuldb.com/?id.247896 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6653 – PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-6653
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md https://vuldb.com/?ctiid.247346 https://vuldb.com/?id.247346 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6649 – PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6649
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/tsas-reflected-xss.md https://vuldb.com/?ctiid.247342 https://vuldb.com/?id.247342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46024 – Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi
https://notcve.org/view.php?id=CVE-2023-46024
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. Vulnerabilidad de inyección SQL en index.php en phpgurukul Teacher Subject Allocation Management System 1.0 permite a atacantes ejecutar comandos SQL arbitrarios y obtener información confidencial a través del parámetro 'searchdata'. Teacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/51914 https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46024-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46025
https://notcve.org/view.php?id=CVE-2023-46025
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. Vulnerabilidad de inyección SQL en teacher-info.php en phpgurukul Teacher Subject Allocation Management System 1.0 permite a atacantes obtener información confidencial a través del parámetro 'editid'. • https://github.com/ersinerenler/phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/blob/main/CVE-2023-46025-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •