my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
8.8CVSS
8.6AI Score
0.006EPSS
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.
9.8CVSS
9.7AI Score
0.004EPSS