Oretnom23 Computer Laboratory Management System vulnerabilities
30 known vulnerabilities affecting oretnom23/computer_laboratory_management_system.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 5, MEDIUM 17
Vulnerabilities
Page 1 of 2
CVE-2026-3770 | MEDIUM | CVSS 5.3 | v1.0 | 2026-03-08 | CWE-352
A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack can be carried out remotely. The exploit has been published and may be used.
nvd
CVE-2025-45956 | HIGH | CVSS 8.8 | v1.0 | 2025-04-29 | CWE-89
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter.
nvd
CVE-2024-54818 | HIGH | CVSS 8.8 | v1.0 | 2025-01-08 | CWE-281
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list.
nvd
CVE-2024-40443 | MEDIUM | CVSS 4.3 | v1.0 | 2024-11-13 | CWE-89
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
nvd
CVE-2024-8348 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-30 | CWE-89
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been dis
nvd
CVE-2024-8347 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-30 | CWE-89
A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the
nvd
CVE-2024-8346 | MEDIUM | CVSS 5.3 | v1.0 | 2024-08-30 | CWE-89
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been discl
nvd
CVE-2024-41332 | MEDIUM | CVSS 6.5 | v1.0 | 2024-08-12 | CWE-284
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
nvd
CVE-2024-34480 | CRITICAL | CVSS 9.8 | v1.0 | 2024-08-07 | CWE-89
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.
nvd
CVE-2024-34479 | CRITICAL | CVSS 9.8 | v1.0 | 2024-08-07 | CWE-89
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.
nvd
CVE-2024-31586 | MEDIUM | CVSS 6.1 | v1.0 | 2024-06-20 | CWE-79
A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.
nvd
CVE-2024-35581 | MEDIUM | CVSS 6.1 | v1.0 | 2024-05-28 | CWE-94
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.
nvd
CVE-2024-35583 | MEDIUM | CVSS 6.1 | v1.0 | 2024-05-28 | CWE-79
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.
nvd
CVE-2024-35582 | MEDIUM | CVSS 6.1 | v1.0 | 2024-05-28 | CWE-79
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.
nvd
CVE-2024-34224 | HIGH | CVSS 7.3 | v1.0 | 2024-05-14 | CWE-79
Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.
nvd
CVE-2024-34225 | MEDIUM | CVSS 6.1 | v1.0 | 2024-05-14 | CWE-94
Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.
nvd
CVE-2024-31545 | CRITICAL | CVSS 9.4 | v1.0 | 2024-04-22 | CWE-89
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
nvd
CVE-2024-31547 | CRITICAL | CVSS 9.1 | v1.0 | 2024-04-19 | CWE-89
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
nvd
CVE-2024-31546 | CRITICAL | CVSS 9.8 | v1.0 | 2024-04-19 | CWE-89
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
nvd
CVE-2024-3695 | MEDIUM | CVSS 5.4 | v1.0 | 2024-04-12 | [LOW] CWE-79
A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be us
nvd