Every CVE whose affected-product data names Schools Alert Management Script Project Schools Alert Management Script, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-6859 — CVSS 9.8 (critical): SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
CVE-2018-12052 — CVSS 9.8 (critical): SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
CVE-2018-12051 — CVSS 9.8 (critical): Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in…
CVE-2018-12055 — CVSS 9.8 (critical): Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php…
CVE-2018-6860 — CVSS 8.8 (high): Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
CVE-2018-12054 — CVSS 7.5 (high): Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
CVE-2018-12053 — CVSS 7.5 (high): Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using…