Vulnerabilities > School Event Management System Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-16 | CVE-2018-18795 | SQL Injection vulnerability in School Event Management System Project School Event Management System 1.0 School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | 7.5 |
| 2018-11-16 | CVE-2018-18794 | Cross-Site Request Forgery (CSRF) vulnerability in School Event Management System Project School Event Management System 1.0 School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | 6.8 |
| 2018-11-16 | CVE-2018-18793 | Unrestricted Upload of File with Dangerous Type vulnerability in School Event Management System Project School Event Management System 1.0 School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | 7.5 |