cpe:2.3:a:fabian:scholars_tracking_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor: Fabian (fbf7922e-b691-5c28-8717-83ed5e15ae54)
Product: Scholars Tracking System (f0030503-c282-5172-b44b-db3f423e7b27)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-70152 vulnerable 2026-06-03 15:12:29.603103 Details available
CRITICAL (9.8)
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters (firstname, lastname, username, password, user_id) into SQL queries without validation or parameterization.
Published: 2026-02-18T00:00:00.000Z
Updated: 2026-02-18T18:06:19.419Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-70151 vulnerable 2026-06-03 15:12:29.602540 Details available
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.
Published: 2026-02-18T00:00:00.000Z
Updated: 2026-02-18T18:22:07.589Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14951 vulnerable 2026-06-03 14:58:56.204099 code-projects Scholars Tracking System home.php SQL injection
HIGH (7.3)
A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Published: 2025-12-19T14:32:06.003Z
Updated: 2026-02-24T05:56:19.799Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14950 vulnerable 2026-06-03 14:58:56.203751 code-projects Scholars Tracking System delete_post.php SQL injection
HIGH (7.3)
A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Published: 2025-12-19T13:32:06.549Z
Updated: 2026-02-24T05:56:08.240Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-14940 vulnerable 2026-06-03 14:58:56.190951 code-projects Scholars Tracking System delete_user.php SQL injection
HIGH (7.3)
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2025-12-19T04:02:08.625Z
Updated: 2026-02-24T05:55:55.720Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-24098 vulnerable 2026-06-03 14:55:05.091962 Details available
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.
Published: 2024-03-05T00:00:00.000Z
Updated: 2024-08-08T20:40:59.669Z
Imported from gcve-enriched-dumps CVE data
