v|per

7 exploits Active since Mar 2025
CVE-2024-53636 WRITEUP MEDIUM WORKING POC
Serosoft Academia Student Information System EagleR-1.0.118 - Arbitrary File Upload via writefile.php filePath Parameter
An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.
CVSS 6.4
CVE-2025-25948 WRITEUP CRITICAL WORKING POC
Academia Student Information System EagleR 1.0.118 - Improper Access Control in Staff Resource Creation
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to create and modify user accounts, including an Administrator account.
CVSS 9.1
CVE-2025-25949 WRITEUP MEDIUM WORKING POC
Academia Student Information System EagleR 1.0.118 - Stored Cross-Site Scripting via User ID Parameter
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.
CVSS 5.4
CVE-2025-25950 WRITEUP HIGH WORKING POC
Academia Student Information System EagleR 1.0.118 - Improper Access Control in /rest/staffResource/update
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to create and modify user accounts, including an Administrator account.
CVSS 8.1
CVE-2025-25951 WRITEUP HIGH WRITEUP
Academia Student Information System EagleR 1.0.118 - Exposure of Sensitive Information via /rest/cb/executeBasicSearch
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.
CVSS 7.5
CVE-2025-25952 WRITEUP MEDIUM WORKING POC
Academia Student Information System EagleR 1.0.118 - Authorization Bypass via getStudemtAllDetailsById API
An Insecure Direct Object Reference (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.
CVSS 6.5
CVE-2025-25953 WRITEUP MEDIUM WORKING POC
Academia Student Information System EagleR 1.0.118 - Authenticated Privilege Escalation via Azure JWT Token Exposure
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
CVSS 6.5