Vulnerabilities (CVE)

Filtered by vendor Simple College Project Subscribe
Filtered by product Simple College
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28173 1 Simple College Project 1 Simple College 2024-11-21 6.5 MEDIUM 7.2 HIGH
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVE-2020-28172 1 Simple College Project 1 Simple College 2024-11-21 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.