RSS   Vulnerabilities for 'School event management system'   RSS

2018-11-16
 
CVE-2018-18795

CWE-89
 

 
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

 
 
CVE-2018-18794

CWE-352
 

 
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

 
 
CVE-2018-18793

CWE-434
 

 
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

 


Copyright 2024, cxsecurity.com

 

Back to Top