Oretnom23 Computer Laboratory Management System

SQLi in manage_damage.php of Sourcecodester Computer Lab Management System v1.0
CVE-2025-45956 - April 29, 2025

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter

SourceCodester Computer Lab Management System 1.0 - Incorrect Access Control
CVE-2024-54818 - January 08, 2025

SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.

SQLi in Simple Laboratory Management System v1.0 delete_users causes DoS
CVE-2024-40443 - November 13, 2024

SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php

CVE-2024-8348: Critical SQLi in SourceCodester Lab Management System 1.0
CVE-2024-8348 9.8 - Critical - August 30, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

CVE-2024-8347: PHP SQLi in SourceCodester Computer Lab System 1.0
CVE-2024-8347 9.8 - Critical - August 30, 2024

A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SourceCodester CLMS 1.0 SQLi in SystemSettings::update_settings
CVE-2024-8346 9.8 - Critical - August 30, 2024

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Sourcecodester CMS v1.0 delete_category auth bypass & cat deletion
CVE-2024-41332 6.5 - Medium - August 12, 2024

Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.

SQLi id in SourceCodester CompLabMS 1.0 Master.php
CVE-2024-34479 9.8 - Critical - August 07, 2024

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.

SQL Injection

CVE-2024-34480: SQLi in Computer Lab Management 1.0 view_category
CVE-2024-34480 9.8 - Critical - August 07, 2024

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.

SQL Injection

XSS in Computer Laboratory Management Sys 1.0 via Borrower/Dept/Remarks
CVE-2024-31586 - June 20, 2024

A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters.

XSS via Dept Input in Sourcecodester Lab Mgt Sys v1.0
CVE-2024-35582 - May 28, 2024

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field.

XSS in Sourcecodester Lab Management System v1.0 via Borrower Name
CVE-2024-35581 - May 28, 2024

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field.

XSS in Sourcecodester Laboratory Management System v1.0 - Remarks field
CVE-2024-35583 - May 28, 2024

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field.

XSS in Computer Laboratory Management System 1.0 via system_info page
CVE-2024-34225 - May 14, 2024

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters.

XSS in Computer Lab Management System 1.0 Users.php
CVE-2024-34224 - May 14, 2024

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.

Computer Lab Management Sys v1.0 SQLi in /admin/?page=user/manage_user via id param
CVE-2024-31545 - April 22, 2024

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.

Computer Laboratory Management System v1.0 SQLi in /admin/item/view_item.php
CVE-2024-31547 - April 19, 2024

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php.

SQLi in Computer Lab Mgt System v1.0 via id param
CVE-2024-31546 - April 19, 2024

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.

SourceCodester Computer Lab Sys 1.0 XSS via /classes/Users.php id
CVE-2024-3695 5.4 - Medium - April 12, 2024

A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.

XSS

Stored XSS in Computer Lab Mgt Sys v1.0 via /classes/Master.php
CVE-2024-31544 - April 09, 2024

A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into remarks, borrower_name, faculty_department parameters in /classes/Master.php?f=save_record.

Critical RCE via URL arg in SourceCodester Computer Lab Management System 1.0 (config.php)
CVE-2024-3376 9.8 - Critical - April 06, 2024

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.

Always-Incorrect Control Flow Implementation

XSS in SourceCodester CompLab System 1.0 /classes/SS.php
CVE-2024-3377 6.1 - Medium - April 06, 2024

A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259498 is the identifier assigned to this vulnerability.

XSS

SQLi In SourceCodester Computer Lab Mgmt Sys 1.0 /admin/category/view_category.php
CVE-2024-3316 8.8 - High - April 04, 2024

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259387.

SQL Injection

SourceCodester Computer Lab Management System 1.0 SQLi via Users.php Remote
CVE-2024-3314 9.8 - Critical - April 04, 2024

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was assigned to this vulnerability.

SQL Injection

SourceCodester Computer Lab Mgt 1.0 SQLi via classes/user.php (remote)
CVE-2024-3315 9.8 - Critical - April 04, 2024

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file classes/user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259386 is the identifier assigned to this vulnerability.

SQL Injection

Critical 1.0 SQLi in /admin/borrow/view_borrow of SourceCodester CompLab Mgt System
CVE-2024-3251 8.8 - High - April 03, 2024

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/?page=borrow/view_borrow. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259100.

SQL Injection

XSS in SourceCodester CLMS 1.0 via middlename
CVE-2024-3140 5.4 - Medium - April 01, 2024

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.

XSS

SourceCodester Computer Lab Mgt Sys 1.0: Remote ID Manipulation Improper Auth
CVE-2024-3139 5.4 - Medium - April 01, 2024

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.

Insecure Direct Object Reference / IDOR

SQLi in SourceCodester CLMS 1.0 via id param in Master.php
CVE-2024-3131 6.5 - Medium - April 01, 2024

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258874 is the identifier assigned to this vulnerability.

SQL Injection