An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.

MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.

A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths.

A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page.

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings.

An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php.

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.

A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has be…