Serosoft Academia Student Information System vulnerabilities
8 known vulnerabilities affecting serosoft/academia_student_information_system.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2024-53636 [CRITICAL] CVSS 9.8 | CWE-24 | P3 | vEagleR-1.0.118 | 2025-04-26
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
nvd
CVE-2025-27583 [CRITICAL] CVSS 9.1 | CWE-862 | P3 | veagler-1.0.118 | 2025-03-03
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.
nvd
CVE-2025-25950 [HIGH] CVSS 8.1 | CWE-284 | P3 | veagler-1.0.118 | 2025-03-03
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows creation and modification of user accounts, including an Administrator account.
nvd
CVE-2025-25951 [HIGH] CVSS 7.5 | CWE-200 | P3 | veagler-1.0.118 | 2025-03-03
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.
nvd
CVE-2025-25952 [MEDIUM] CVSS 6.5 | CWE-639 | P3 | veagler-1.0.118 | 2025-03-03
An Insecure Direct Object Reference (IDOR) vulnerability in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.
nvd
CVE-2025-25953 [MEDIUM] CVSS 6.5 | CWE-862 | P3 | veagler-1.0.118 | 2025-03-03
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
nvd
CVE-2025-27584 [MEDIUM] CVSS 5.4 | CWE-79 | P4 | veagler-1.0.118 | 2025-03-03
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the First Name parameter at /rest/staffResource/update.
nvd
CVE-2025-27585 [MEDIUM] CVSS 5.4 | CWE-79 | P4 | veagler-1.0.118 | 2025-03-03
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.
nvd