Security Vulnerabilities - CVEs Published In 2018
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
CVSS Score: 9.8
EPSS Score: 0.21
Published: 2018-11-16
School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-11-16
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-11-16
Library Management System 1.0 has SQL Injection via the "Search for Books" screen.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-11-16
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-11-16
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-11-16
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-11-16
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-11-16
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-11-16
Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users to bypass authorization and manipulate data in certain functions.
CVSS Score: 6.4
EPSS Score: 0.003
Published: 2018-11-16