Qdocs Smart School vulnerabilities
5 known vulnerabilities affecting qdocs/smart_school.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-5495P2CRITICALCVSS 9.8PoCv6.4.12023-10-10
CVE-2023-5495 [CRITICAL] CWE-89 CVE-2023-5495: A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affe
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to ini
nvd
CVE-2024-8784P3HIGHCVSS 8.8v7.0.02024-09-13
CVE-2024-8784 [HIGH] CWE-89 CVE-2024-8784: A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affe
A vulnerability classified as critical was found in QDocs Smart School Management System 7.0.0. Affected by this vulnerability is an unknown functionality of the file /user/chat/mynewuser of the component Chat. The manipulation of the argument users[] with the input 1'+AND+(SELECT+3220+FROM+(SELECT(SLEEP(5)))ZNun)+AND+'WwBM'%3d'WwBM as part of POST Reque
nvd
CVE-2025-60500P3HIGHCVSS 7.2v7.1.02025-10-21
CVE-2025-60500 [HIGH] CWE-434 CVE-2025-60500: QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant"
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
nvd
CVE-2025-41107P4MEDIUMCVSS 5.4v7.0.02025-11-10
CVE-2025-41107 [MEDIUM] CWE-79 CVE-2025-41107: Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation
Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects the parameters 'firstname', 'lastname', 'guardian_name' and others. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user
nvd
CVE-2024-34240P4MEDIUMCVSS 6.1v7.0.02024-05-21
CVE-2024-34240 [MEDIUM] CWE-79 CVE-2024-34240: QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code exe
QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records.
nvd