CVE-2022-29359: School Club Application System in PHP/OOP Free Source Code

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
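The defect class described above, shown as an added example rather than code from the School Club Application System: a stored `firstname` value rendered without and with output encoding, plus a server-side check at submit time. The helper names (`e`, `valid_person_name`, `render_row_unsafe`, `render_row_safe`) and the row layout are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; names and row layout are assumptions, not taken from the SCAS source.

/** Encode a stored value for an HTML text node or a quoted attribute value. */
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Submit-time check: starts with a letter, then letters, marks, space, period, apostrophe, hyphen. */
function valid_person_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,99}\z/u', $name) === 1;
}

/** Unsafe rendering: the stored value reaches the page as markup. */
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['firstname'] . '</td></tr>';
}

/** Safe rendering: the stored value is encoded at output time. */
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['firstname']) . '</td></tr>';
}

// Constructed sample rows standing in for records read back from the database.
$rows = [
    ['firstname' => 'Maria'],
    ['firstname' => '<script>alert(1)</script>'],
];

foreach ($rows as $row) {
    printf(
        "valid=%s\n  unsafe: %s\n  safe:   %s\n",
        var_export(valid_person_name($row['firstname']), true),
        render_row_unsafe($row),
        render_row_safe($row)
    );
}
```

Encoding at output is the control that closes the stored XSS path; the submit-time check only narrows what gets stored and does not replace it.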


Submitted by oretnom23 on Thursday, April 7, 2022 - 17:48.

**Introduction**

This simple project is a School Clubs Application System. It is a web-based application developed in PHP with a MySQL database. The application provides an online platform for exploring the different clubs in certain schools and submitting a membership application. The project has a simple and pleasant user interface built with the Material Kit 2 Template and the Bootstrap 5 Framework. It consists of user-friendly features and functionalities.

**About the School Clubs Application System**

I developed this project using the following:

  • XAMPP v3.3.0
  • PHP
  • MySQL Database
  • HTML
  • CSS
  • JavaScript
  • Ajax
  • jQuery
  • Bootstrap
  • Google Material Icon
  • Material Kit 2 Template

This School Clubs Application System is accessible to the School Management, Club’s Admin/Staff, and Students. The Management Site is the side of the system where the school management has the privilege to access and manage the list of the school’s student clubs. This site requires Admin Type user credentials in order to gain access to its features and functionalities. The admin users are the only ones who can register the Club’s Admin/Staff Users. The Club’s Admin/Staff site is the side of the application where the admin or staff of a certain club can manage the membership applications submitted to their club on the system. They can also update the application status, and they can view the basic information of the applicant, including the contact information they can use to reach back to the applicant regarding their application. The students can access only the public site of the application, where they are allowed to explore the active clubs of the school and read the information about each club.

**Features**

**Admin-Side**

  • Home Page
    • Display the summary of the list.
  • Club Management
    • Add New Club
    • List All Clubs
    • View Club Details
    • Edit Club Details
    • Delete Club Details
  • User Management
    • Add New User
    • List All Users
    • View User Details
    • Edit User Details
    • Delete User Details
  • Application Management
    • Add New Application
    • List All Applications
    • View Application Details
    • Edit Application Details
    • Delete Application Details
  • Update System Information
  • Update Account Details/Credentials
  • Login and Logout

**Club’s Admin/Staff-Side**

  • Home Page
    • Display the summary of the list.
  • Application Management
    • Add New Application
    • List All Applications
    • View Application Details
    • Edit Application Details
    • Delete Application Details
  • Update Account Details/Credentials
  • Login and Logout

**Public-Side**

  • Home Page
    • Display the Welcome Content.
  • ‘About Us’ Content
  • List All Active Clubs
  • View Club’s Details
  • Club’s Application Form
  • Submit Application
  • Login and Logout

The source code was developed for educational purposes only. You can download the source code for free and modify it the way you want.

**System Snapshots of some Features**

Screenshots (images not included): Public-Side’s Club List; Admin-Side Home Page; Club Details (Admin-Side); User Details (Admin-Side); Club’s Admin/Staff-Side Home Page.

How to Run?

**Requirements**

  • Download and Install any local web server such as XAMPP.
  • Download the provided source code zip file. (download button is located below)
  • Download the project assets at https://www.dropbox.com/s/tocky9atdwtk1gs/scas_assets.zip?dl=1

**System Installation/Setup**

  1. Enable the GD Library in your php.ini file.
  2. Open your XAMPP Control Panel and start **Apache** and **MySQL**.
  3. Extract the downloaded source code zip file.
  4. Copy the extracted source code folder and paste it into the XAMPP’s “htdocs” directory.
  5. Extract the downloaded assets zip file.
  6. Copy the extracted assets folder and paste it into the source code root path.
  7. Browse the **PHPMyAdmin** in a browser. i.e. **http://localhost/phpmyadmin**
  8. Create a new database named **scas_db**.
  9. Import the provided **SQL** file. The file is named **scas_db.sql** and is located inside the database folder.
  10. Browse the School Clubs Application System in a browser. i.e. **http://localhost/scas/**.

**Admin Default Access:**

Username: admin
Password: admin123

That’s it. You can now explore the features and functionalities of this School Clubs Application System in PHP. I hope this will help you with what you are looking for and you’ll find something useful for your future projects.

Explore more on this website for more Free Source Codes and Tutorials.

Enjoy :)
