A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-216775.

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.