emirhanmtl/vuln-research

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-31545 ↗	Apr 22, 2024Monday, 22 April 2024, 19:15	9.4 CRITICAL	—
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.
CVE-2024-31546 ↗	Apr 19, 2024Friday, 19 April 2024, 18:15	9.8 CRITICAL	—
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.
CVE-2024-31547 ↗	Apr 19, 2024Friday, 19 April 2024, 18:15	9.1 CRITICAL	—
Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.
CVE-2024-31544 ↗	Apr 9, 2024Tuesday, 9 April 2024, 13:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.