cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11262,https://securityvulnerability.io/vulnerability/CVE-2024-11262,Stack-based Buffer Overflow in SourceCodester Student Record Management System,"A critical vulnerability has been identified in the SourceCodester Student Record Management System version 1.0, specifically within the 'View All Student Marks' component. This vulnerability manifests as a stack-based buffer overflow that occurs in the main function. Attackers can exploit this weakness locally, potentially leading to unauthorized access or execution of arbitrary code. The details of this vulnerability have been publicly disclosed, raising concerns about the security of systems using this software. It is crucial for users to assess their systems for potential exposure and mitigate the risk.",Sourcecodester,Student Record Management System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-11-15T23:15:00.000Z,true,false,false,,2024-11-15T23:15:00.000Z,0
CVE-2024-11261,https://securityvulnerability.io/vulnerability/CVE-2024-11261,Memory Corruption Vulnerability in SourceCodester Student Record Management System,"A critical memory corruption vulnerability has been identified in the SourceCodester Student Record Management System version 1.0, specifically within the Number of Students Menu functionality found in the StudentRecordManagementSystem.cpp file. This vulnerability enables an attacker with local access to manipulate memory allocation, potentially leading to unauthorized actions or system crashes. The exploit details have been publicly disclosed, prompting users of the affected version to prioritize immediate remediation measures to protect their systems against potential attacks.",Sourcecodester,Student Record Management System,6.1,MEDIUM,0.0006000000284984708,false,,false,false,true,2024-11-15T22:15:00.000Z,true,false,false,,2024-11-15T22:15:00.000Z,0
CVE-2024-11097,https://securityvulnerability.io/vulnerability/CVE-2024-11097,Infinite Loop Vulnerability Affects SourceCodester Student Record Management System,A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.,Sourcecodester,Student Record Management System,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-11-12T02:00:13.000Z,true,false,false,,2024-11-12T02:00:13.839Z,0
CVE-2024-6807,https://securityvulnerability.io/vulnerability/CVE-2024-6807,Cross Site Scripting Vulnerability in Student Study Center Desk Management System 1.0,A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.,Sourcecodester,Student Study Center Desk Management System,4.1,MEDIUM,0.0008200000156648457,false,,false,false,true,2024-07-17T02:31:05.000Z,true,false,false,,2024-07-17T03:31:05.059Z,0
CVE-2024-6801,https://securityvulnerability.io/vulnerability/CVE-2024-6801,Unrestricted File Upload Vulnerability Discovered in SourceCodester Online Student Management System,"A vulnerability has been identified in the SourceCodester Online Student Management System version 1.0, specifically related to the file handling in /add-students.php. This issue pertains to the unrestricted upload of files, where manipulation of the 'image' argument can result in unauthorized file uploads. Attackers can exploit this flaw remotely, potentially compromising the security of the system. The public disclosure of this exploit has raised concerns about the potential for misuse. Organizations utilizing this software should assess their exposure and consider implementing remediation strategies to mitigate the risk associated with this vulnerability.",SourceCodester,Online Student Management System,9.8,CRITICAL,0.003449999960139394,false,,false,false,false,,,false,false,,2024-07-17T02:15:00.000Z,0
CVE-2024-6732,https://securityvulnerability.io/vulnerability/CVE-2024-6732,SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System,"A serious SQL injection vulnerability has been identified in version 1.0 of the SourceCodester Student Study Center Desk Management System. This vulnerability resides in the /sscdms/classes/Users.php file, specifically in the save function, where the manipulation of the 'id' argument can lead to unauthorized SQL commands being executed on the backend database. As a result, attackers can potentially gain access to sensitive user information and execute arbitrary code remotely. Given that this exploit has already been publicly disclosed, it is crucial for users of this system to take immediate action to secure their installations and safeguard their data.",Sourcecodester,Student Study Center Desk Management System,8.8,HIGH,0.0007600000244565308,false,,false,false,true,2024-07-14T22:15:00.000Z,true,false,false,,2024-07-14T23:15:00.000Z,0
CVE-2024-6731,https://securityvulnerability.io/vulnerability/CVE-2024-6731,SQL Injection Vulnerability in SourceCodester Student Study Center Desk Management System,"A serious SQL injection vulnerability has been identified in the SourceCodester Student Study Center Desk Management System, specifically in the Master.php file when handling requests to save student data. This flaw allows attackers to manipulate the 'id' argument, enabling them to execute malicious SQL queries on the database. The vulnerability can be exploited remotely, posing a significant risk to data security as it may allow unauthorized access to sensitive information. Immediate action is recommended to assess and mitigate potential risks associated with this vulnerability.",Sourcecodester,Student Study Center Desk Management System,8.8,HIGH,0.0007600000244565308,false,,false,false,true,2024-07-14T21:15:00.000Z,true,false,false,,2024-07-14T22:15:00.000Z,0
CVE-2024-5378,https://securityvulnerability.io/vulnerability/CVE-2024-5378,SQL Injection Vulnerability in SourceCodester School Intramurals Student Attendance Management System,"A critical vulnerability has been identified in version 1.0 of the SourceCodester School Intramurals Student Attendance Management System, specifically in the file manage_sy.php. This vulnerability allows an attacker to perform SQL injection through the manipulation of the 'id' argument. The exploitation can be executed remotely, posing significant risks to the integrity and security of the database and user data. As the exploit has been publicly disclosed, immediate action is recommended to mitigate potential attacks. Users of the affected product should assess their systems and implement necessary security measures to protect against unauthorized access and data breaches.",Sourcecodester,School Intramurals Student Attendance Management System,9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,2024-05-26T20:31:03.000Z,true,false,false,,2024-05-26T21:31:03.428Z,0
CVE-2024-5047,https://securityvulnerability.io/vulnerability/CVE-2024-5047,Unrestricted File Upload Vulnerability in SourceCodester Student Management System,"A significant security vulnerability has been identified in the SourceCodester Student Management System version 1.0, specifically within the controller.php file. This flaw allows attackers to manipulate the 'photo' argument, leading to an unrestricted file upload capability. Such a vulnerability not only exposes the system to remote attacks but also increases the risk of malicious file uploads. Given that the exploit has been publicly disclosed, it is crucial for organizations using this system to implement immediate security measures to mitigate potential threats and safeguard sensitive data.",Sourcecodester,Student Management System,9.8,CRITICAL,0.00044999999227002263,false,,false,false,true,2024-05-17T12:31:04.000Z,true,false,false,,2024-05-17T13:31:04.469Z,0
CVE-2024-4926,https://securityvulnerability.io/vulnerability/CVE-2024-4926,SQL Injection Vulnerability in SourceCodester Student Attendance Management System,"A critical SQL injection vulnerability has been identified in the SourceCodester School Intramurals Student Attendance Management System version 1.0. This flaw resides in the manage_student.php file, where an unsafe handling of the 'id' parameter allows an attacker to manipulate SQL queries. The vulnerability's exploitation can be executed remotely, posing a significant risk to the integrity and confidentiality of the database. Given that the exploit has been publicly disclosed, organizations using this software should take immediate action to protect sensitive data from unauthorized access by reviewing their security posture and applying necessary updates to mitigate this risk.",Sourcecodester,School Intramurals Student Attendance Management System,6.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-05-16T01:00:04.000Z,true,false,false,,2024-05-16T02:00:04.407Z,0
CVE-2024-4925,https://securityvulnerability.io/vulnerability/CVE-2024-4925,SQL Injection Vulnerability in SourceCodester School Attendance Management System,"A significant SQL injection vulnerability has been identified in SourceCodester's School Intramurals Student Attendance Management System version 1.0. This vulnerability exists in the file /intrams_sams/manage_course.php, where improper handling of the 'id' argument allows attackers to manipulate SQL queries. As a result, this could permit unauthorized access to sensitive information from the database. The nature of this exploitation is remote, meaning that attackers can initiate the attack without local access to the system. Security professionals are urged to take immediate action to secure their systems, considering that the exploit has been made public and is actively circulating in the wild. For further information, refer to VDB-264461, which details the technical aspects of this vulnerability.",Sourcecodester,School Intramurals Student Attendance Management System,6.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-05-16T00:31:05.000Z,true,false,false,,2024-05-16T01:31:05.274Z,0
CVE-2023-6945,https://securityvulnerability.io/vulnerability/CVE-2023-6945,SourceCodester Online Student Management System edit-student-detail.php cross site scripting,A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248377 was assigned to this vulnerability.,Sourcecodester,Online Student Management System,2.4,LOW,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-12-19T11:15:00.000Z,0
CVE-2023-2152,https://securityvulnerability.io/vulnerability/CVE-2023-2152,SourceCodester Student Study Center Desk Management System index.php file inclusion,"A file inclusion vulnerability exists within the SourceCodester Student Study Center Desk Management System 1.0. This issue arises from improper handling within the index.php file, specifically through unsanitized input in the 'page' argument. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized file access and execution. The public disclosure of this exploit highlights the urgency for users to apply necessary patches and security measures to safeguard their systems.",Sourcecodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0038900000508874655,false,,false,false,false,,,false,false,,2023-04-18T14:15:00.000Z,0
CVE-2023-2151,https://securityvulnerability.io/vulnerability/CVE-2023-2151,SourceCodester Student Study Center Desk Management System manage_student.php sql injection,"A vulnerability exists in the Desk Management System's manage_student.php file, allowing an attacker to manipulate the argument 'id' and perform SQL Injection attacks remotely. This can lead to unauthorized access to sensitive data or further exploits. Public disclosure has raised awareness, making it imperative for users to inspect their systems for potential vulnerabilities.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-04-18T13:15:00.000Z,0
CVE-2023-1567,https://securityvulnerability.io/vulnerability/CVE-2023-1567,SourceCodester Student Study Center Desk Management System assign.php cross site scripting,A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223559.,SourceCodester,Student Study Center Desk Management System,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2023-03-22T14:15:00.000Z,0
CVE-2023-1568,https://securityvulnerability.io/vulnerability/CVE-2023-1568,SourceCodester Student Study Center Desk Management System GET Parameter index.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223560.,Sourcecodester,Student Study Center Desk Management System,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-03-22T14:15:00.000Z,0
CVE-2023-1563,https://securityvulnerability.io/vulnerability/CVE-2023-1563,SourceCodester Student Study Center Desk Management System assign.php sql injection,"A vulnerability has been identified in the SourceCodester Student Study Center Desk Management System 1.0, specifically within the /admin/assign/assign.php file. This issue arises due to improper handling of the 'id' parameter, allowing attackers to perform SQL injection. By manipulating this input, an attacker can execute arbitrary SQL queries against the database, leading to unauthorized data access or potential compromise of the system. This vulnerability can be exploited remotely, making it a significant concern for users of this management system.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.002139999996870756,false,,false,false,false,,,false,false,,2023-03-22T13:15:00.000Z,0
CVE-2023-1467,https://securityvulnerability.io/vulnerability/CVE-2023-1467,SourceCodester Student Study Center Desk Management System POST Parameter path traversal,"A vulnerability exists in the SourceCodester Student Study Center Desk Management System, specifically in the Master.php file where the DELETE image function processes input. The issue arises from improper handling of the 'path' argument, allowing attackers to manipulate input and execute path traversal attacks remotely. This vulnerability could lead to unauthorized access to sensitive files and data, highlighting the need for immediate attention and remediation.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.004259999841451645,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1468,https://securityvulnerability.io/vulnerability/CVE-2023-1468,SourceCodester Student Study Center Desk Management System Report sql injection,A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327.,Sourcecodester,Student Study Center Desk Management System,6.3,MEDIUM,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1466,https://securityvulnerability.io/vulnerability/CVE-2023-1466,SourceCodester Student Study Center Desk Management System view_student sql injection,"A vulnerability exists in the Student Study Center Desk Management System that allows for SQL injection through the 'view_student' function. By manipulating the 'id' argument, an attacker can input malicious SQL code, potentially leading to unauthorized data access or manipulation. This vulnerability can be exploited remotely, posing a significant risk to the integrity of the system. It is crucial for users to patch their installations to mitigate this security issue.",SourceCodester,Student Study Center Desk Management System,9.8,CRITICAL,0.0041600000113248825,false,,false,false,false,,,false,false,,2023-03-17T12:15:00.000Z,0
CVE-2023-1407,https://securityvulnerability.io/vulnerability/CVE-2023-1407,SourceCodester Student Study Center Desk Management System manage_user.php sql injection,"An SQL injection vulnerability exists in the SourceCodester Student Study Center Desk Management System 1.0. This flaw is located in the /admin/user/manage_user.php file, where improper validation of the 'id' parameter allows an attacker to construct malicious SQL queries. As a result, this vulnerability poses serious risks, enabling unauthorized database access and manipulation. The issue is public knowledge and can be exploited remotely, highlighting the need for urgent remediation. For further technical details, consult VDB-223111.",SourceCodester,Student Study Center Desk Management System,7.2,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-03-15T08:15:00.000Z,0
CVE-2023-1397,https://securityvulnerability.io/vulnerability/CVE-2023-1397,SourceCodester Online Student Management System profile.php cross site scripting,A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984.,SourceCodester,Online Student Management System,6.1,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-03-14T15:15:00.000Z,0
CVE-2023-1099,https://securityvulnerability.io/vulnerability/CVE-2023-1099,SourceCodester Online Student Management System edit-class-detail.php sql injection,A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222002 is the identifier assigned to this vulnerability.,Sourcecodester,Online Student Management System,6.3,MEDIUM,0.0017300000181421638,false,,false,false,false,,,false,false,,2023-02-28T21:15:00.000Z,0
CVE-2022-2876,https://securityvulnerability.io/vulnerability/CVE-2022-2876,SourceCodester Student Management System index.php sql injection,"A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability.",Sourcecodester,Student Management System,6.3,MEDIUM,0.0026499999221414328,false,,false,false,false,,,false,false,,2022-08-18T07:30:14.000Z,0