Student Result Management System
Student Result Management System versions up to 1.0 are affected by improper resource shutdown or release (CVSS 6.5).
SourceCodester Student Result Management System 1.0 contains improper access controls in the bulk user import functionality that allows unauthenticated remote attackers to manipulate file parameters and gain unauthorized access. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires no user interaction and can be exploited over the network with basic complexity.
Improper access control in SourceCodester Student Result Management System 1.0 allows unauthenticated remote attackers to manipulate the SMTP configuration through the update_smtp.php endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running vulnerable PHP-based installations face potential compromise of email settings and system integrity.
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. Rated high severity (CVSS 7.3), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.
CVE-2025-7534 is a critical SQL injection vulnerability in PHPGurukul Student Result Management System 2.0, exploitable through the 'nid' GET parameter in /notice-details.php. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the application database. Public exploit disclosure and confirmed attack surface (unauthenticated, network-accessible endpoint) elevate real-world risk despite the moderate CVSS 7.3 score.
A remote code execution vulnerability in A vulnerability classified as critical (CVSS 5.3). Risk factors: public PoC available.
Critical SQL injection vulnerability in PHPGurukul Student Result Management System version 1.3, exploitable through the emp1ctc parameter in /editmyexp.php. An unauthenticated remote attacker can manipulate this parameter to inject malicious SQL commands, potentially leading to unauthorized data access, modification, or deletion. With a publicly disclosed exploit and CVSS 7.3 rating reflecting network-based remote exploitation with low attack complexity and no authentication requirements, this vulnerability poses significant risk to exposed instances.
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.