dino_physics_school_assistant_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-35359 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_item. Manipulating the argument id can result in SQL injection. | [email protected] | 9.8 | 0.43% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35353 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization. | [email protected] | 9.8 | 0.56% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35352 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting. | [email protected] | 6.1 | 0.32% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35351 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/SystemSettings.php?f=update_settings. Manipulating the parameter name results in cross-site scripting. | [email protected] | 5.4 | 0.26% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35350 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection. | [email protected] | 9.8 | 0.53% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35349 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection. | [email protected] | 9.8 | 0.51% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35358 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection. | [email protected] | 6.5 | 0.41% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35357 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection. | [email protected] | 5.3 | 0.24% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35356 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection. | [email protected] | 6.3 | 0.37% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35355 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection. | [email protected] | 9.8 | 0.65% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35354 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection. | [email protected] | 9.8 | 0.65% | 2024-05-30 | 2026-06-17 |
| CVE-2024-35345 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting. | [email protected] | 5.4 | 0.36% | 2024-05-30 | 2026-06-17 |