Simple College Website 1.0 - Unauthenticated Remote Code Execution via UNION-based SQL Injection in Username Parameter
Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php.