CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5007 – Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-5007
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. Student Information System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticada. El parámetro 'id' del recurso marks.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/kissin https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5011 – Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-5011
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. Student Information System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticada. El parámetro 'coursename' del recurso marks.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/kissin https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5010 – Student Information System v1.0 - Multiple Authenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-5010
Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database. Student Information System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL autenticada. El parámetro 'coursecode' del recurso marks.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. • https://fluidattacks.com/advisories/kissin https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5008 – Student Information System v1.0 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2023-5008
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. Student Information System v1.0 es afectado por una vulnerabilidad de inyección SQL no autenticada en el parámetro 'regno' de la página index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y evitar el control de inicio de sesión. • https://fluidattacks.com/advisories/blechacz https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4122 – Student Information System v1.0 - Insecure File Upload
https://notcve.org/view.php?id=CVE-2023-4122
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Student Information System v1.0 es afectado por una vulnerabilidad de carga de archivos insegura en el parámetro 'foto' de la página de mi perfil, lo que permite a un atacante autenticado obtener la ejecución remota de código en el servidor que aloja la aplicación. • https://fluidattacks.com/advisories/rubinstein https://www.kashipara.com • CWE-434: Unrestricted Upload of File with Dangerous Type •