CVE-2025-70151
- EPSS 0.25%
- Published 18.02.2026 00:00:00
- Last modified 23.02.2026 17:53:20
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible upload...
CVE-2025-70152
- EPSS 0.12%
- Published 18.02.2026 00:00:00
- Last modified 23.02.2026 17:54:31
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/save_user.php and /admin/update_user.php. These endpoints lack authentication checks and directly concatenate us...
CVE-2025-14951
- EPSS 0.04%
- Published 19.12.2025 14:32:06
- Last modified 24.12.2025 14:57:18
A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be exec...
CVE-2025-14950
- EPSS 0.04%
- Published 19.12.2025 13:32:06
- Last modified 24.02.2026 06:16:29
A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is po...
CVE-2025-14940
- EPSS 0.04%
- Published 19.12.2025 04:02:08
- Last modified 24.12.2025 14:56:01
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the at...
CVE-2024-24098
- EPSS 0.05%
- Published 05.03.2024 16:15:49
- Last modified 23.10.2025 20:06:00
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.