MidnightBSD

Advisories for school_attendance_monitoring_system_project

CVE-2018-18797 MEDIUM

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
school_attendance_monitoring_system_project school_attendance_monitoring_system 1.0
CVE-2018-18798 HIGH

Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
school_attendance_monitoring_system_project school_attendance_monitoring_system 1.0
CVE-2018-18799 MEDIUM

School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
school_attendance_monitoring_system_project school_attendance_monitoring_system 1.0