Vulnerabilities > College Management System Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-17 | CVE-2022-39179 | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. | 7.2 |
| 2022-11-17 | CVE-2022-39180 | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page | 9.8 |
| 2022-07-01 | CVE-2022-32420 | Unspecified vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. | 6.8 |
| 2022-05-13 | CVE-2022-30404 | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. | 6.5 |
| 2022-05-05 | CVE-2022-28079 | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. | 6.5 |
| 2021-05-24 | CVE-2020-25408 | Cross-Site Request Forgery (CSRF) vulnerability in College Management System Project College Management System 1.0 A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. | 4.3 |
| 2021-05-24 | CVE-2020-25409 | SQL Injection vulnerability in College Management System Project College Management System 1.0 Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | 7.5 |
| 2021-02-08 | CVE-2020-26051 | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query. | 7.5 |