Aggregates CVE and security vulnerability intelligence across all school_event_management_system_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection and vendor risk csrf; exposure may include vendor impact data exposure in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-18795 | School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. | [email protected] | 9.8 | 3.21% | 2018-11-16 | 2024-11-21 |
| CVE-2018-18794 | School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | [email protected] | 8.8 | 2.38% | 2018-11-16 | 2024-11-21 |
| CVE-2018-18793 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. | [email protected] | 9.8 | 9.50% | 2018-11-16 | 2024-11-21 |