Academiaerp Student Information System vulnerabilities
3 known vulnerabilities affecting academiaerp/student_information_system.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-25948P2CRITICALCVSS 9.1veagler-1.0.1182025-03-03
CVE-2025-25948 [CRITICAL] CWE-284 CVE-2025-25948: Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd A
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
nvd
CVE-2024-53636P3CRITICALCVSS 9.8veagler-1.0.1182025-04-26
CVE-2024-53636 [CRITICAL] CWE-24 CVE-2024-53636: An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information Sy
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
nvd
CVE-2025-25949P4MEDIUMCVSS 5.4veagler-1.0.1182025-03-03
CVE-2025-25949 [MEDIUM] CWE-79 CVE-2025-25949: A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Inf
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.
nvd