Oretnom23: >> Computer Laboratory Management System Security Vulnerabilities
A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter
CVSS Score
8.8
EPSS Score
0.0
Published
2025-04-29
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-08
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
CVSS Score
4.3
EPSS Score
0.03
Published
2024-11-13
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-08-30
A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-08-30
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-08-30
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-08-12
SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-08-07
SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-08-07
A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-06-20
Page 1