Filtered by vendor Online Enrollment Management System Project Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-44599 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-08-04 7.5 High
The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.
CVE-2021-40578 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-08-04 7.2 High
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
CVE-2021-40577 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-08-04 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.
CVE-2021-40579 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2024-08-04 6.5 Medium
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).