Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

student_attendance_management_system

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

10
Related CVEsRelated VendorsRelated AssignersReports
10Vulnerabilities found
CVE-2023-41524
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41520
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41521
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41522
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41523
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41519
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.20%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:00
Updated-13 Aug, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4052
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Attendance Management System createClass.php sql injection

A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability.

Action-Not Available
Vendor-student_attendance_management_system_projectunspecified
Product-student_attendance_management_systemStudent Attendance Management System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4053
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.06% / 18.64%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Student Attendance Management System createClass.php cross site scripting

A vulnerability was found in Student Attendance Management System. It has been classified as problematic. Affected is an unknown function of the file createClass.php. The manipulation of the argument className leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-213846 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-student_attendance_management_system_projectunspecified
Product-student_attendance_management_systemStudent Attendance Management System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45865
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 00:41
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-45866
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.64%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 00:39
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.

Action-Not Available
Vendor-student_attendance_management_system_projectn/a
Product-student_attendance_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')