Vulnerabilities > School Event Management System Project

DATE CVE VULNERABILITY TITLE RISK
2018-11-16 CVE-2018-18795 SQL Injection vulnerability in School Event Management System Project School Event Management System 1.0
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
network
low complexity
school-event-management-system-project CWE-89
critical
 9.8
9.8
2018-11-16 CVE-2018-18794 Cross-Site Request Forgery (CSRF) vulnerability in School Event Management System Project School Event Management System 1.0
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. 		8.8
8.8
2018-11-16 CVE-2018-18793 Unrestricted Upload of File with Dangerous Type vulnerability in School Event Management System Project School Event Management System 1.0
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
network
low complexity
school-event-management-system-project CWE-434
critical
 9.8
9.8