Lucene search

[email protected]CVE-2014-1637

HistoryJan 22, 2014 - 7:55 p.m.

CVE-2014-1637

2014-01-2219:55:06

CWE-200

[email protected]

web.nvd.nist.gov

cve-2014-1637

information security

unauthorized access

database backup

command school student management system

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.3%

JSON

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.

Affected configurations

NVD

Node

doug_poulincommand_school_student_management_systemMatch1.06.01

CPENameOperatorVersion
doug_poulin:command_school_student_management_systemdoug poulin command school student management systemeq1.06.01

CPE	Name	Operator	Version
doug_poulin:command_school_student_management_system	doug poulin command school student management system	eq	1.06.01

References

osvdb.org/101888

packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

www.securityfocus.com/bid/64707

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2014-1637

cvelist1 nvd1 prion1