Skip to main content

School Management System

35 CVEs product

Monthly

CVE-2024-46336 MEDIUM POC This Month

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-46334 MEDIUM POC This Month

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-11661 MEDIUM POC This Month

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery

Authentication Bypass School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-11660 MEDIUM POC This Month

A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11659 MEDIUM POC This Month

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11658 MEDIUM POC This Month

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11657 MEDIUM POC This Month

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11656 MEDIUM POC This Month

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

PHP Authentication Bypass File Upload School Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-51967 MEDIUM POC This Month

A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2024-9658 HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation School Management System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-12611 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass XSS School Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-12610 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass School Management System
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12609 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12607 MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-9660 HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload School Management System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-9659 CRITICAL Act Now

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload School Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-42575 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42574 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42573 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42572 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42571 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42570 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42569 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42568 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42567 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42566 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-6279 MEDIUM POC This Month

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6278 MEDIUM POC This Month

A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6277 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6276 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1.php of the component Teacher Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6275 MEDIUM POC This Month

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6274 MEDIUM POC This Month

A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-6268 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-36193 CRITICAL POC Act Now

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2017-14843 HIGH POC This Week

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi School Management System
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery

Authentication Bypass School Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Management System
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation School Management System
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass XSS +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass School Management System
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi School Management System
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1.php of the component Teacher Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi School Management System
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy