School Event Management System Project School Event Management System vulnerabilities
3 known vulnerabilities affecting school_event_management_system_project/school_event_management_system.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2018-18793P2CRITICALCVSS 9.8PoCv1.02018-11-16
CVE-2018-18793 [CRITICAL] CWE-434 CVE-2018-18793: School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=phot
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
nvd
CVE-2018-18795P3CRITICALCVSS 9.8PoCv1.02018-11-16
CVE-2018-18795 [CRITICAL] CWE-89 CVE-2018-18795: School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
nvd
CVE-2018-18794P3HIGHCVSS 8.8PoCv1.02018-11-16
CVE-2018-18794 [HIGH] CWE-352 CVE-2018-18794: School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
nvd