Simple College Project Simple College vulnerabilities
2 known vulnerabilities affecting simple_college_project/simple_college.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-28172P2CRITICALCVSS 9.8v1.02021-03-31
CVE-2020-28172 [CRITICAL] CWE-89 CVE-2020-28172: A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.
nvd
CVE-2020-28173P3HIGHCVSS 7.2v1.02021-03-31
CVE-2020-28173 [HIGH] CWE-434 CVE-2020-28173: Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
nvd