
Explore Vulnerabilities

Explore all Exploits:

Simple Student Attendance System – Time Based Blind SQL Injection

The Simple Student Attendance System v1.0 is vulnerable to a Time Based Blind SQL Injection. An attacker can exploit this vulnerability by sending a crafted POST request with a malicious payload in the 'id' parameter to the delete_student function of the actions.class.php file. This allows the attacker to perform unauthorized SQL queries, potentially leading to data leakage or manipulation. This exploit has been tested using the sqlmap tool.

AC Repair and Services System v1.0 – Multiple SQL Injection

The AC Repair and Services System v1.0 is vulnerable to SQL injection attacks due to improper input validation. An attacker can manipulate the SQL queries to execute arbitrary SQL commands, leading to unauthorized access to the database or data manipulation. This vulnerability has been demonstrated using the sqlmap tool to perform time-based blind SQL injection attacks.

Simple Student Attendance System v1.0 – ‘classid’ Time Based Blind & Union Based SQL Injection

The Simple Student Attendance System v1.0 is vulnerable to SQL Injection through the 'classid' parameter. An attacker can exploit this vulnerability using time-based blind and union-based techniques to manipulate the database.

Enrollment System v1.0 – SQL Injection

The exploit allows an attacker to perform SQL injection in the Enrollment System v1.0 application by manipulating the 'emc' parameter in the '/get_subject.php' URI. By injecting a crafted payload, an attacker can retrieve sensitive information from the database. This vulnerability has a CVE identifier.

Simple Student Attendance System – Time Based Blind SQL Injection

The Simple Student Attendance System is vulnerable to a Time-Based Blind SQL Injection in the delete_student function of actions.class.php. An attacker can manipulate the 'id' parameter to execute malicious SQL queries, potentially leading to unauthorized data retrieval or modification. The vulnerability has been tested using the sqlmap tool with a time-based blind technique.

AC Repair and Services System v1.0 – Multiple SQL Injection

The AC Repair and Services System v1.0 is vulnerable to multiple SQL Injection attacks. An attacker can exploit this by manipulating the input fields to execute arbitrary SQL commands. This can lead to unauthorized access, data leakage, and potential data manipulation.

Simple Student Attendance System v1.0 – Time Based Blind & Union Based SQL Injection

The Simple Student Attendance System v1.0 is vulnerable to 'classid' Time Based Blind and Union Based SQL Injection. An attacker can manipulate the 'classid' parameter to execute arbitrary SQL queries.

AC Repair and Services System v1.0 – Multiple SQL Injection

The AC Repair and Services System v1.0 is prone to multiple SQL injection vulnerabilities. An attacker can exploit these issues by manipulating the 'id' parameter in the 'manage_user.php' and 'Master.php' files, allowing unauthorized access to the database. This can lead to data leakage, modification, or deletion. This vulnerability has been tested using the sqlmap tool.

Simple Student Attendance System v1.0 – Time Based Blind & Union Based SQL Injection

The Simple Student Attendance System v1.0 is vulnerable to 'classid' Time Based Blind & Union Based SQL Injection. By injecting malicious SQL queries into the 'classid' parameter, an attacker can manipulate the database, retrieve sensitive information, and potentially take control of the system. This vulnerability has a CVE ID pending assignment.

Recent Exploits: