cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6212,https://securityvulnerability.io/vulnerability/CVE-2024-6212,Cross Site Scripting Vulnerability in Student_Form.php,A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276.,Sourcecodester,Simple Student Attendance System,6.1,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-06-20T23:15:00.000Z,true,false,false,,2024-06-21T00:15:00.000Z,0
CVE-2024-1923,https://securityvulnerability.io/vulnerability/CVE-2024-1923,SQL Injection Vulnerability in SourceCodester Simple Student Attendance System,"A SQL injection vulnerability has been identified in the SourceCodester Simple Student Attendance System version 1.0. This vulnerability affects the functions delete_class and delete_student located in the /ajax-api.php file of the List of Classes Page component. An attacker can manipulate the argument 'id' by injecting a crafted string, such as '1337'+or+1=1;--+, which can compromise the security of the application. This type of attack allows unauthorized access to sensitive data and can be executed remotely, posing significant risks to organizations using the affected software. It is crucial for users to implement necessary patches and security measures to mitigate the impact of this vulnerability.",Sourcecodester,Simple Student Attendance System,9.8,CRITICAL,0.0012100000167265534,false,,false,false,true,2024-02-27T16:00:06.000Z,true,false,false,,2024-02-27T16:00:06.873Z,0
CVE-2024-1834,https://securityvulnerability.io/vulnerability/CVE-2024-1834,Cross Site Scripting Vulnerability in Simple Student Attendance System 1.0,"A vulnerability exists in the SourceCodester Simple Student Attendance System 1.0, impacting the attendance page functionality. The issue is related to improper input handling in the class_date parameter, which allows malicious users to execute arbitrary JavaScript code in the context of an unsuspecting user's browser. By manipulating the input, an attacker can initiate cross-site scripting (XSS), potentially leading to theft of sensitive data, session hijacking, and further exploitation of the victim's browser. This vulnerability can be exploited remotely, placing users at significant risk.",Sourcecodester,Simple Student Attendance System,6.1,MEDIUM,0.0006900000153109431,false,,false,false,true,2024-02-23T20:00:11.000Z,true,false,false,,2024-02-23T20:00:11.202Z,0
CVE-2023-7058,https://securityvulnerability.io/vulnerability/CVE-2023-7058,SourceCodester Simple Student Attendance System path traversal,"A path traversal vulnerability exists in SourceCodester Simple Student Attendance System 1.0, where improper handling of input parameters allows attackers to navigate outside the intended directories. Specifically, manipulation of the 'page' argument can lead to unauthorized access through the '../filedir' path. This issue can be exploited remotely, posing a significant security risk as attackers may gain access to sensitive files on the server. Public disclosure of this vulnerability raises concerns for users and requires immediate attention.",SourceCodester,Simple Student Attendance System,9.8,CRITICAL,0.0014799999771639705,false,,false,false,false,,,false,false,,2023-12-22T05:15:00.000Z,0
CVE-2023-6771,https://securityvulnerability.io/vulnerability/CVE-2023-6771,SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection,"A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.",Sourcecodester,Simple Student Attendance System,5.5,MEDIUM,0.003220000071451068,false,,false,false,false,,,false,false,,2023-12-13T19:15:00.000Z,0
CVE-2023-6658,https://securityvulnerability.io/vulnerability/CVE-2023-6658,SourceCodester Simple Student Attendance System sql injection,A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.,Sourcecodester,Simple Student Attendance System,5.5,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2023-12-10T23:15:00.000Z,0
CVE-2023-6657,https://securityvulnerability.io/vulnerability/CVE-2023-6657,SourceCodester Simple Student Attendance System student_form.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Simple Student Attendance System 1.0, specifically in the file /modals/student_form.php. This issue arises from improper handling of the 'id' argument, allowing attackers to manipulate SQL queries executed by the application. As a result, unauthorized access to sensitive data and potential compromise of the database may occur. The vulnerability has been publicly disclosed, highlighting the urgency for users to implement preventive measures.",SourceCodester,Simple Student Attendance System,9.8,CRITICAL,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-12-10T21:15:00.000Z,0
CVE-2023-6619,https://securityvulnerability.io/vulnerability/CVE-2023-6619,SourceCodester Simple Student Attendance System class_form.php sql injection,"A SQL injection vulnerability exists in the SourceCodester Simple Student Attendance System, specifically in the /modals/class_form.php file. By manipulating the argument 'id', an attacker can execute unauthorized SQL commands, potentially compromising the integrity of the database. This vulnerability has been publicly disclosed, and the information is readily available, making it crucial for users to update their systems and apply the necessary security measures.",SourceCodester,Simple Student Attendance System,9.8,CRITICAL,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-12-08T18:15:00.000Z,0
CVE-2023-6616,https://securityvulnerability.io/vulnerability/CVE-2023-6616,SourceCodester Simple Student Attendance System index.php cross site scripting,A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability.,SourceCodester,Simple Student Attendance System,6.1,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-12-08T17:15:00.000Z,0
CVE-2023-6618,https://securityvulnerability.io/vulnerability/CVE-2023-6618,SourceCodester Simple Student Attendance System index.php file inclusion,"A security vulnerability has been identified in the SourceCodester Simple Student Attendance System version 1.0, specifically within the index.php file. This flaw allows unauthorized manipulation of the 'page' argument, which can lead to file inclusion attacks. Exploitation of this vulnerability could result in the disclosure of sensitive information and potentially compromise the integrity of the system. The vulnerability has been publicly disclosed, increasing the risk of attacks. It is crucial for users to assess their systems and implement necessary security measures.",SourceCodester,Simple Student Attendance System,8.8,HIGH,0.0025400000158697367,false,,false,false,false,,,false,false,,2023-12-08T17:15:00.000Z,0
CVE-2023-6617,https://securityvulnerability.io/vulnerability/CVE-2023-6617,SourceCodester Simple Student Attendance System attendance.php sql injection,A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.,Sourcecodester,Simple Student Attendance System,5.5,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-12-08T17:15:00.000Z,0