Code-Projects Simple School Management System vulnerabilities

9 known vulnerabilities affecting code-projects/simple_school_management_system.

Total CVEs

9

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH8MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2024-31610MEDIUMCVSS 6.3v1.02024-04-25

CVE-2024-31610 [MEDIUM] CWE-434 CVE-2024-31610: File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple Sc File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.

CVE-2024-25312HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25312 [HIGH] CWE-89 CVE-2024-25312: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "Sch Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."

CVE-2024-25309HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25309 [HIGH] CWE-89 CVE-2024-25309: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at Sc Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.

CVE-2024-25305HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25305 [HIGH] CWE-89 CVE-2024-25305: Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and p Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.

CVE-2024-25308HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25308 [HIGH] CWE-89 CVE-2024-25308: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at Sc Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.

CVE-2024-25310HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25310 [HIGH] CWE-89 CVE-2024-25310: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "Sch Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."

CVE-2024-25304HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25304 [HIGH] CWE-89 CVE-2024-25304: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at " Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

CVE-2024-25313HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25313 [HIGH] CWE-287 CVE-2024-25313: Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and p Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.

CVE-2024-25306HIGHCVSS 8.8v1.02024-02-09

CVE-2024-25306 [HIGH] CWE-89 CVE-2024-25306: Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at " Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".