Student Management System
SQL injection in imvks786 Student Management System (rolling release up to commit 9599b560) allows remote unauthenticated attackers to manipulate the usr and pwd parameters of /index.ph in the Login component to inject arbitrary SQL. Publicly available exploit code exists per VulDB, though the project is on a rolling release with no tagged fix and the maintainer has not responded to the issue report. There is no CISA KEV listing and no EPSS score is provided, but the trivial network-reachable login vector makes opportunistic scanning likely.
Authentication bypass in sayan365's Student Management System exposes multiple protected endpoints to remote unauthenticated attackers, allowing unauthorized access to application functionality across the entire codebase up to commit 7f3c9ce7d410332335c2affac93a385485051800. The CVSS 4.0 vector confirms trivial, unauthenticated network exploitation (AV:N/AC:L/AT:N/PR:N/UI:N), and publicly available exploit code exists per the E:P maturity modifier and GitHub issue #4. The maintainer has not responded to responsible disclosure, leaving no patch available and the exploit window open indefinitely.
Execution After Redirect (EAR) in a4m4's Student-Management-System exposes admin/ endpoints to unauthorized data access via manipulation of the uid parameter, allowing server-side PHP logic to execute and return sensitive output despite issuing an HTTP redirect response. The CVSS vector (PR:N) confirms no authentication is required, and the exploit has been publicly published via a GitHub issue, making this trivially reproducible. No patch exists and the project maintainer has not responded to disclosure, leaving all deployed instances exposed with no vendor remediation timeline.
Cross-site scripting in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 allows a high-privileged authenticated attacker to inject malicious script into the Name argument on the Dashboard Page, which executes in the browser of any user who subsequently views the affected page. The vulnerability requires both elevated privileges and victim interaction, placing real-world impact firmly in the low-to-negligible range despite network reachability. It is not known to be actively exploited at time of analysis (no CISA KEV listing), though publicly available exploit code exists via a GitHub issue disclosure.
SQL injection in sambitraj's Student Management System 1.0 exposes the login page to unauthenticated remote exploitation via a crafted email parameter, enabling attackers to manipulate backend database queries. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no user interaction, and no special conditions are required for exploitation. A public proof-of-concept exploit exists via a published GitHub issue, and the vendor has not responded to responsible disclosure; no patch is available at time of analysis.
Improper access control in sambitraj's STUDENT-MANAGEMENT-SYSTEM exposes multiple Dashboard endpoints to unauthenticated remote attackers, enabling unauthorized read and write operations on student data. The vulnerability, tagged as an authentication bypass (CWE-284), affects all code up to and including commit 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5 and is confirmed by a publicly disclosed exploit via GitHub issue. No active exploitation at KEV level has been identified at time of analysis; however, publicly available exploit code exists and the maintainer has not responded to responsible disclosure, leaving the codebase unpatched.
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. [CVSS 2.4 LOW]
phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter. [CVSS 8.8 HIGH]
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used.
A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to SQL injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Manipulation of the argument sy leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used.
A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited.
A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. Manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. Manipulation of the argument grade causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argument sy leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Manipulation of the argument Name can lead to SQL injection. The attack may be performed remotely. The exploit has been published and may be used.
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. Public exploit code is available and no vendor patch is available.
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in code-projects Student Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.