School Management System
Monthly
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/user/controller.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement alternative mitigations or restrict access to vulnerable systems.
SQL injection in itsourcecode School Management System 1.0 allows unauthenticated remote attackers to manipulate the 'ay' parameter in /ramonsys/report/index.php, potentially enabling data exfiltration, modification, or service disruption. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for deployed instances.
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/settings/controller.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation enables data exfiltration, modification, and potential service disruption.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/billing/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.
SQL injection in itsourcecode Student Management System 1.0 via the ID parameter in /ramonsys/soa/index.php allows unauthenticated remote attackers to manipulate database queries with public exploit code available. The vulnerability enables attackers to read, modify, or delete sensitive educational data without authentication or user interaction. No patch is currently available, leaving affected installations at risk of data compromise.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/facultyloading/index.php, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/enrollment/controller.php, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected school institutions.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /enrollment/index.php enables unauthenticated remote attackers to manipulate database queries and extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against affected installations.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/faculty/index.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /subject/index.php allows unauthenticated remote attackers to query, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against vulnerable instances.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/user/controller.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement alternative mitigations or restrict access to vulnerable systems.
SQL injection in itsourcecode School Management System 1.0 allows unauthenticated remote attackers to manipulate the 'ay' parameter in /ramonsys/report/index.php, potentially enabling data exfiltration, modification, or service disruption. Public exploit code exists for this vulnerability and no patch is currently available, creating immediate risk for deployed instances.
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/settings/controller.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation enables data exfiltration, modification, and potential service disruption.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/billing/index.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data exfiltration, modification, or deletion depending on database permissions.
SQL injection in itsourcecode Student Management System 1.0 via the ID parameter in /ramonsys/soa/index.php allows unauthenticated remote attackers to manipulate database queries with public exploit code available. The vulnerability enables attackers to read, modify, or delete sensitive educational data without authentication or user interaction. No patch is currently available, leaving affected installations at risk of data compromise.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/facultyloading/index.php, potentially enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.
SQL injection in itsourcecode Student Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /ramonsys/enrollment/controller.php, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected school institutions.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /enrollment/index.php enables unauthenticated remote attackers to manipulate database queries and extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against affected installations.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /ramonsys/faculty/index.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode School Management System 1.0 via the txtsearch parameter in /ramonsys/inquiry/index.php enables unauthenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
School Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /subject/index.php allows unauthenticated remote attackers to query, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network against vulnerable instances.
SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.