MidnightBSD

Advisories for school_event_management_system_project

CVE-2018-18793 HIGH

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
school_event_management_system_project school_event_management_system 1.0
CVE-2018-18794 MEDIUM

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
school_event_management_system_project school_event_management_system 1.0
CVE-2018-18795 HIGH

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
school_event_management_system_project school_event_management_system 1.0