CVE-2014-1636 Information

Description

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

Reference

http://osvdb.org/101874
http://osvdb.org/101875
http://osvdb.org/101876
http://osvdb.org/101877
http://osvdb.org/101878
http://osvdb.org/101879
http://osvdb.org/101880
http://osvdb.org/101881
http://osvdb.org/101882
http://osvdb.org/101883
http://osvdb.org/101884
http://osvdb.org/101885
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
http://www.securityfocus.com/bid/64707
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175