College Management System

college_management_system

Vendor: College Management System Project • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7681 1College Management System Project 1College Management System Jun 17, 2026 Aug 12, 2024 6.9 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in code-projects College Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of t...Show more A vulnerability was found in code-projects College Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-39180 1College Management System Project 1College Management System Jun 17, 2026 Nov 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page
CVE-2022-39179 1College Management System Project 1College Management System Jun 17, 2026 Nov 17, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious...Show more College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. Show less
CVE-2022-32420 1College Management System Project 1College Management System Jun 17, 2026 Jul 1, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
CVE-2022-30404 1College Management System Project 1College Management System Jun 17, 2026 May 13, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=.
CVE-2022-28079 1College Management System Project 1College Management System Jun 17, 2026 May 5, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.
CVE-2020-25409 1College Management System Project 1College Management System Jun 17, 2026 May 24, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters.
CVE-2020-25408 1College Management System Project 1College Management System Jun 17, 2026 May 24, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject,...Show more A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data.Show less
CVE-2020-26051 1College Management System Project 1College Management System Jun 17, 2026 Feb 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.