These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A low-severity vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The issue is caused by improper handling of user input in the /add.php file, allowing for cross-site scripting (XSS) attacks. The vulnerability has a CVSS score of 2 and is considered low severity. The exploit is publicly available, and the project has not yet responded to the issue report.
A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed public [truncated]
A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The issue affects an unknown function of the file /add.php of the component Student Record Handler. This weakness can lead to improper access controls and can be exploited remotely. The exploit has been made publicly available and could be used for attacks. The product uses a rolling releas [truncated]
A SQL injection vulnerability has been discovered in the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The vulnerability affects an unknown function of the file admin/admin_login.php of the Administrator Login Endpoint. An attacker can manipulate the argument a_usr/a_pwd to inject malicious SQL code, allowing for remote exploitation. The exploit has been publicly releas [truncated]
A SQL injection vulnerability was identified in the student_management_system up to version 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The vulnerability affects an unknown function of the file /index.php of the component Login. Manipulation of the argument usr/pwd leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used. This product implements a roll [truncated]