Academiaerp: >> Student Information System >> eagler-1.0.118 Security Vulnerabilities
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
CVSS Score
6.4
EPSS Score
0.01
Published
2025-04-26
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-03
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-03