Vulnerabilities > Casap Automated Enrollment System Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-08 | CVE-2021-40261 | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php,the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep,(46) octdec, (47) Students and (48) users parameters in table_name. | 4.3 |
| 2021-07-22 | CVE-2021-26223 | SQL Injection vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. | 7.5 |
| 2021-07-22 | CVE-2021-27332 | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | 4.3 |
| 2021-07-22 | CVE-2021-26226 | SQL Injection vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. | 7.5 |
| 2021-07-22 | CVE-2021-26227 | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. | 4.3 |
| 2021-07-22 | CVE-2021-26228 | SQL Injection vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. | 7.5 |
| 2021-07-22 | CVE-2021-26229 | SQL Injection vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. | 7.5 |
| 2021-07-22 | CVE-2021-26230 | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. | 4.3 |
| 2021-04-15 | CVE-2021-27129 | Cross-site Scripting vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. | 3.5 |
| 2021-02-15 | CVE-2021-26201 | SQL Injection vulnerability in Casap Automated Enrollment System Project Casap Automated Enrollment System 1.0 The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. | 7.5 |