Society Management System
Monthly
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the activity_id parameter in /admin/edit_activity.php, enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0's expense editing functionality allows unauthenticated remote attackers to manipulate the expenses_id parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers to access, modify, or delete sensitive financial data with minimal complexity.
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the expenses_id parameter in /admin/delete_expenses.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
SQL injection in itsourcecode Society Management System 1.0 through the admin_id parameter in /admin/edit_admin.php allows unauthenticated remote attackers to manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, putting all installations at immediate risk of data compromise.
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the student_id parameter in /admin/edit_student_query.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available, increasing the risk of active exploitation.
SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems expose confidentiality, integrity, and availability of underlying data.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Reflected cross-site scripting in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the Title parameter in /admin/activity.php. Public exploit code exists for this vulnerability, enabling potential attacks against affected deployments. A security patch is not currently available.
Reflected cross-site scripting in itsourcecode Society Management System 1.0 allows remote attackers to inject malicious scripts through the detail parameter in /admin/expenses.php, potentially compromising administrator sessions and data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk of client-side attacks.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/add_activity.php, enabling remote data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the activity_id parameter in /admin/edit_activity.php, enabling data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0's expense editing functionality allows unauthenticated remote attackers to manipulate the expenses_id parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers to access, modify, or delete sensitive financial data with minimal complexity.
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the expenses_id parameter in /admin/delete_expenses.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
SQL injection in itsourcecode Society Management System 1.0 through the admin_id parameter in /admin/edit_admin.php allows unauthenticated remote attackers to manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, putting all installations at immediate risk of data compromise.
SQL injection in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to manipulate the student_id parameter in /admin/edit_student_query.php, enabling unauthorized database queries and potential data exfiltration or modification. Public exploit code exists for this vulnerability, and no patch is currently available, increasing the risk of active exploitation.
SQL injection in itsourcecode Society Management System 1.0's expense administration interface allows unauthenticated remote attackers to manipulate the detail parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems expose confidentiality, integrity, and availability of underlying data.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Reflected cross-site scripting in itsourcecode Society Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the Title parameter in /admin/activity.php. Public exploit code exists for this vulnerability, enabling potential attacks against affected deployments. A security patch is not currently available.
Reflected cross-site scripting in itsourcecode Society Management System 1.0 allows remote attackers to inject malicious scripts through the detail parameter in /admin/expenses.php, potentially compromising administrator sessions and data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk of client-side attacks.
Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/add_activity.php, enabling remote data exfiltration, modification, or denial of service. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.