MidnightBSD

Advisories for ingenious_school_management_system_project

CVE-2017-15957 MEDIUM

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
ingenious_school_management_system_project ingenious_school_management_system 2.3.0
CVE-2017-16561 HIGH

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
ingenious_school_management_system_project ingenious_school_management_system 2.3.0