Vulnerability Details CVE-2014-1636
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.063
EPSS Ranking 90.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/101874
- http://osvdb.org/101875
- http://osvdb.org/101876
- http://osvdb.org/101877
- http://osvdb.org/101878
- http://osvdb.org/101879
- http://osvdb.org/101880
- http://osvdb.org/101881
- http://osvdb.org/101882
- http://osvdb.org/101883
- http://osvdb.org/101884
- http://osvdb.org/101885
- http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
- http://www.securityfocus.com/bid/64707
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
- http://osvdb.org/101874
- http://osvdb.org/101875
- http://osvdb.org/101876
- http://osvdb.org/101877
- http://osvdb.org/101878
- http://osvdb.org/101879
- http://osvdb.org/101880
- http://osvdb.org/101881
- http://osvdb.org/101882
- http://osvdb.org/101883
- http://osvdb.org/101884
- http://osvdb.org/101885
- http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
- http://www.securityfocus.com/bid/64707
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
Products affected by CVE-2014-1636
-
cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01