This page lists publicly disclosed CVE vulnerabilities affecting oretnom23 computer_laboratory_management_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-3770 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack can be carried out remotely. The exploit has been published and may be used. | [email protected] | 2.1 | 0.06% | 2026-03-08 | 2026-04-29 |
| CVE-2025-45956 | A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter. | [email protected] | 8.8 | 0.30% | 2025-04-29 | 2025-05-14 |
| CVE-2024-54818 | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list. | [email protected] | 8.8 | 0.10% | 2025-01-08 | 2025-04-16 |
| CVE-2024-40443 | SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in Useres.php. | [email protected] | 4.3 | 6.32% | 2024-11-13 | 2025-04-16 |
| CVE-2024-8348 | A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.17% | 2024-08-30 | 2024-09-04 |
| CVE-2024-8347 | A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.17% | 2024-08-30 | 2024-09-04 |
| CVE-2024-8346 | A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.17% | 2024-08-30 | 2024-09-04 |
| CVE-2024-41332 | Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | [email protected] | 6.5 | 0.08% | 2024-08-12 | 2024-08-21 |
| CVE-2024-34480 | SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. | [email protected] | 9.8 | 0.26% | 2024-08-07 | 2024-08-08 |
| CVE-2024-34479 | SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. | [email protected] | 9.8 | 0.10% | 2024-08-07 | 2024-08-08 |
| CVE-2024-31586 | A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. | [email protected] | 6.1 | 0.27% | 2024-06-20 | 2025-04-11 |
| CVE-2024-35583 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | [email protected] | 6.1 | 0.18% | 2024-05-28 | 2025-04-11 |
| CVE-2024-35582 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | [email protected] | 6.1 | 0.53% | 2024-05-28 | 2025-04-11 |
| CVE-2024-35581 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | [email protected] | 6.1 | 0.48% | 2024-05-28 | 2025-04-11 |
| CVE-2024-34225 | Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the name and shortname parameters. | [email protected] | 6.1 | 0.38% | 2024-05-14 | 2025-04-16 |
| CVE-2024-34224 | Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, and lastname parameters. | [email protected] | 7.3 | 0.96% | 2024-05-14 | 2025-04-16 |
| CVE-2024-31545 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | [email protected] | 9.4 | 0.07% | 2024-04-22 | 2025-04-14 |
| CVE-2024-31547 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | [email protected] | 9.1 | 0.11% | 2024-04-19 | 2025-04-14 |
| CVE-2024-31546 | Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | [email protected] | 9.8 | 0.11% | 2024-04-19 | 2025-04-14 |
| CVE-2024-3695 | A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability. | [email protected] | 3.5 | 0.10% | 2024-04-12 | 2025-01-21 |