A stored cross-site scripting (XSS) vulnerability exists in the student_management_system_by_php repository maintained by raisulislamg4. The flaw resides in the admission_form_check.php file, where the Message parameter fails to properly sanitize user input, allowing injection of arbitrary web scripts. The vulnerability is remotely exploitable and requires low privileges with user interaction. The project [truncated]
A SQL injection vulnerability exists in the student_management_system_by_php repository by raisulislamg4, affecting versions up to commit 310d950e09013d5133c6b9210aff9444382d16d1. The vulnerability resides in the `add_user_check.php` file within the User Creation Handler component, where the `role` parameter is insufficiently sanitized, allowing an attacker to inject arbitrary SQL commands. Remote exploit [truncated]
A SQL injection vulnerability exists in the raisulislamg4/student_management_system_by_php project, specifically within the delete.php file. Multiple identifier parameters—user_id, course_id, teacher_id, student_id, and application_id—are susceptible to manipulation, enabling remote attackers to inject arbitrary SQL commands. The project follows a rolling release model without discrete version numbers, co [truncated]
A SQL injection vulnerability exists in the student_management_system_by_php repository by raisulislamg4, affecting the login_check.php file's Username parameter. The vulnerability allows remote, unauthenticated attackers to manipulate SQL queries through crafted input. The project uses a rolling release model without discrete version numbers, complicating patch identification. The maintainer was notified [truncated]