RSS   Vulnerabilities for
'Schools alert management script'
   RSS

2018-06-08
 
CVE-2018-12055

CWE-89
 

 
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.

 
 
CVE-2018-12054

CWE-22
 

 
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

 
 
CVE-2018-12053

CWE-22
 

 
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

 
 
CVE-2018-12052

CWE-89
 

 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

 
 
CVE-2018-12051

CWE-434
 

 
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

 
2018-02-23
 
CVE-2018-6859

CWE-89
 

 
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top