Ssl_Seven_Security Lab_Wangzhiqiang_Xiaozilong

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue was found in the system, affecting some unknown functionality of the file view each faculty.php. The manipulation of the `id` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the view each faculty.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue has been found in the system, affecting an unknown function of the file delete faculty.php. The manipulation of the `id` argument leads to cross-site scripting. It is possible to launch the attack remotely. **Recommendations** For Kashipara College Management System version 1.0, consider disabling the delete faculty.php file or restricting access to it until a patch is available. Avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue was found in the processing of the file each extracurricula activities.php. The manipulation of the `id` argument leads to cross site scripting. The attack may be initiated remotely. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the each extracurricula activities.php file until a patch is available. As a temporary workaround, avoid using the `id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue has been found in the system, affecting the processing of the file submit login.php. The manipulation of the `usertype` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the submit login.php file until a fix is available. As a temporary workaround, avoid using the `usertype` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue was found in the system, affecting an unknown function of the file submit new faculty.php. The manipulation of the `address` argument leads to cross site scripting. It is possible to launch the attack remotely. **Recommendations** For Kashipara College Management System version 1.0, consider disabling the submit new faculty.php file or restricting access to it until a patch is available. Avoid using the `address` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue has been discovered, affecting some unknown functionality of the file submit enroll staff.php. The manipulation of the `class name` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Kashipara College Management System version 1.0, as a temporary workaround, consider restricting access to the submit enroll staff.php file until a patch is available. Avoid using the `class name` argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A vulnerability was found in the Kashipara College Management System, affecting an unknown functionality of the file submit admin.php. The manipulation of the `admin name` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Kashipara College Management System version 1.0, consider disabling the submit admin.php file or restricting access to it until a patch is available. Avoid using the `admin name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A vulnerability has been found in the file submit student.php, where the manipulation of the `address` argument leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the submit student.php file until a patch is available. As a temporary workaround, avoid using the `address` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue has been found in the file submit enroll student.php, where the manipulation of the `class name` argument leads to cross-site scripting. This issue can be initiated remotely. **Recommendations** For Kashipara College Management System version 1.0, as a temporary workaround, consider restricting access to the submit enroll student.php file until a patch is available. Avoid using the `class name` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kashipara College Management System version 1.0 **Description** A problematic issue was found in the submit extracurricular activity.php file, where the manipulation of the `activity contact` argument leads to cross-site scripting. The attack can be initiated remotely. **Recommendations** For Kashipara College Management System version 1.0, consider restricting access to the submit extracurricular activity.php file until a patch is available. As a temporary workaround, avoid using the `activity contact` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file /view/timetable grade wise.php. The manipulation of the `grade` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the /view/timetable grade wise.php file until a patch is available. Avoid using the `grade` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue affects the processing of the file /view/unread msg.php, where the manipulation of the `my index` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the /view/unread msg.php file until a patch is available. As a temporary workaround, avoid using the `my index` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue has been found in the system, affecting the file /view/timetable update form.php. The manipulation of the `grade` argument leads to SQL injection. The attack can be initiated remotely. There have been reports of activities targeting this system. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the /view/timetable update form.php file until a patch is available. As a temporary workaround, avoid using the `grade` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue has been found in the system, affecting the file /view/teacher salary details3.php. The manipulation of the `index` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the /view/teacher salary details3.php file until a patch is available. As a temporary workaround, avoid using the `index` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue was found in the system, affecting the file /view/timetable insert form.php. The manipulation of the `grade` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, consider restricting access to the `/view/timetable insert form.php` file until a patch is available. As a temporary workaround, avoid using the `grade` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown function of the file /view/teacher salary invoice.php. The manipulation of the `teacher id` argument leads to SQL injection. It is possible to launch the attack remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the `/view/teacher salary invoice.php` file until a patch is available. Avoid using the `teacher id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue was found in the file /view/teacher salary invoice1.php, where the manipulation of the `date` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the /view/teacher salary invoice1.php file until a patch is available. Avoid using the `date` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue affects some unknown functionality of the file /view/teacher salary details.php, where the manipulation of the `index` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the `/view/teacher salary details.php` file until a patch is available. Avoid using the `index` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campcodes Complete Web-Based School Management System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown part of the file /view/teacher salary details2.php. The manipulation of the `index` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For Campcodes Complete Web-Based School Management System version 1.0, as a temporary workaround, consider restricting access to the /view/teacher salary details2.php file until a patch is available. Avoid using the `index` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /view/student payment details4.php. The manipulation of the `index` argument leads to SQL injection. It is possible to launch the attack remotely. Recommendations: For Campcodes Complete Web-Based School Management System version 1.0, consider disabling access to the /view/student payment details4.php file until a patch is available. Restrict the manipulation of the `index` argument to minimize the risk of SQL injection exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.