GCVE - cpe:2.3:a:academiaerp:student_information_system:eagler-1.0.118:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:academiaerp:student_information_system:eagler-1.0.118:*:*:*:*:*:*:*

part: a version: eagler-1.0.118 update: *

Vendor	Academiaerp (`2cee4d7f-0791-5a6f-85c8-d4121ab8edc1`)
Product	Student Information System (`af6d7420-be54-5c1b-9fe6-b806b5867a38`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-25949`	vulnerable	2026-06-03 14:59:58.672363	Details available A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update. Published: 2025-03-03T00:00:00.000Z Updated: 2025-12-12T15:20:41.097Z Open on db.gcve.eu Reference links https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636 https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25949 https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25949	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-25948`	vulnerable	2026-06-03 14:59:58.671976	Details available Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. Published: 2025-03-03T00:00:00.000Z Updated: 2025-12-12T15:19:27.531Z Open on db.gcve.eu Reference links https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637 https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2025-25948 https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2025-25948	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-53636`	vulnerable	2026-06-03 14:57:39.757686	Details available MEDIUM (6.4) An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter. Published: 2025-04-26T00:00:00.000Z Updated: 2025-12-12T15:18:04.085Z Open on db.gcve.eu Reference links https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53636 https://github.com/el-viper/cve-research/tree/main/CVEs/CVE-2024-53636	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Student Information System

PURL mappings

Vulnerability references

Contribute