Student Information System
Monthly
A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Cross-site scripting (XSS) via unsanitized firstname and lastname parameters in /profile.php of code-projects Student Information System 1.0 allows authenticated remote attackers with user interaction to inject malicious scripts affecting confidentiality. The vulnerability carries a low CVSS score (2.0) due to authentication and user interaction requirements, but publicly available exploit code exists and EPSS analysis assigns 0.06% exploitation probability, reflecting limited real-world attack likelihood despite public POC availability.
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Cross-site scripting (XSS) via unsanitized firstname and lastname parameters in /profile.php of code-projects Student Information System 1.0 allows authenticated remote attackers with user interaction to inject malicious scripts affecting confidentiality. The vulnerability carries a low CVSS score (2.0) due to authentication and user interaction requirements, but publicly available exploit code exists and EPSS analysis assigns 0.06% exploitation probability, reflecting limited real-world attack likelihood despite public POC availability.
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.