Produkt School event management system ( project...) - CVEMAP.ORG

Podatności dla 'School event management system'

2018-11-16

CVE-2018-18795

CWE-89

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

CVE-2018-18794

CWE-352

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

CVE-2018-18793

CWE-434

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

Copyright 2024, cxsecurity.com