Search
Search Results (10 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70152 | 1 Code-projects | 1 Scholars Tracking System | 2026-02-19 | 9.8 Critical |
| code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization. | ||||
| CVE-2025-70151 | 1 Code-projects | 1 Scholars Tracking System | 2026-02-19 | 8.8 High |
| code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user. | ||||
| CVE-2025-14951 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2025-12-24 | 7.3 High |
| A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14950 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2025-12-24 | 7.3 High |
| A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-14940 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2025-12-24 | 7.3 High |
| A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-24099 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 5.4 Medium |
| Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update. | ||||
| CVE-2024-24092 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 7.8 High |
| SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php. | ||||
| CVE-2024-24093 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 9.8 Critical |
| SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. | ||||
| CVE-2024-24097 | 1 Code-projects | 1 Scholars Tracking System | 2025-04-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. | ||||
| CVE-2024-24101 | 1 Code-projects | 1 Scholars Tracking System | 2025-03-13 | 5.1 Medium |
| Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. | ||||
Page 1 of 1.