6.3

CVSS3.1

CVE-2024-34933 -

A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee parameter.

πŸ“… Published: May 23, 2024, 4:33 p.m. πŸ”„ Last Modified: March 25, 2025, 5:19 p.m.

9.8

CVSS3.1

CVE-2024-34932 -

A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.

πŸ“… Published: May 23, 2024, 4:33 p.m. πŸ”„ Last Modified: March 25, 2025, 5:19 p.m.

9.8

CVSS3.1

CVE-2024-34931 -

A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.

πŸ“… Published: May 23, 2024, 4:31 p.m. πŸ”„ Last Modified: March 25, 2025, 5:19 p.m.

6.4

CVSS3.1

CVE-2024-4365 - Advanced iFrame <= 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜add_iframe_url_as_param_direct’ parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with cont…

πŸ“… Published: May 23, 2024, 4:30 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-34930 -

A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter.

πŸ“… Published: May 23, 2024, 4:26 p.m. πŸ”„ Last Modified: March 25, 2025, 5:19 p.m.

9.8

CVSS3.1

CVE-2024-34929 -

A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter.

πŸ“… Published: May 23, 2024, 4:25 p.m. πŸ”„ Last Modified: March 25, 2025, 5:19 p.m.

7.3

CVSS3.1

CVE-2024-34928 -

A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter.

πŸ“… Published: May 23, 2024, 4:23 p.m. πŸ”„ Last Modified: March 25, 2025, 5:20 p.m.

9.8

CVSS3.1

CVE-2024-34927 -

A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter.

πŸ“… Published: May 23, 2024, 4:22 p.m. πŸ”„ Last Modified: March 25, 2025, 5:20 p.m.

9.8

CVSS3.1

CVE-2024-5084 - Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Cod…

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files …

πŸ“… Published: May 23, 2024, 2:31 p.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

8.1

CVSS3.1

CVE-2024-5085 - Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No kno…

πŸ“… Published: May 23, 2024, 2:31 p.m. πŸ”„ Last Modified: April 8, 2026, 4:32 p.m.
Total resulsts: 349182
Page 9689 of 34,919
Β« previous page Β» next page
Filters