Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Casap_automated_enrollment_system
(Casap_automated_enrollment_system_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-08 | CVE-2021-40261 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route... | Casap_automated_enrollment_system | 6.1 | ||
| 2021-07-22 | CVE-2021-26228 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php. | Casap_automated_enrollment_system | 9.8 | ||
| 2021-07-22 | CVE-2021-26227 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. | Casap_automated_enrollment_system | 6.1 | ||
| 2021-07-22 | CVE-2021-26230 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. | Casap_automated_enrollment_system | 6.1 | ||
| 2021-07-22 | CVE-2021-26229 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php. | Casap_automated_enrollment_system | 9.8 | ||
| 2021-07-22 | CVE-2021-26226 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php. | Casap_automated_enrollment_system | 9.8 | ||
| 2021-07-22 | CVE-2021-26223 | SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php. | Casap_automated_enrollment_system | 9.8 | ||
| 2021-07-22 | CVE-2021-27332 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | Casap_automated_enrollment_system | 6.1 | ||
| 2021-04-15 | CVE-2021-27129 | CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. | Casap_automated_enrollment_system | 5.4 | ||
| 2021-02-15 | CVE-2021-26201 | The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. | Casap_automated_enrollment_system | 9.8 |