MitreCVELIST:CVE-2014-1636CVE-2014-1636
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
References
osvdb.org/101874
osvdb.org/101875
osvdb.org/101876
osvdb.org/101877
osvdb.org/101878
osvdb.org/101879
osvdb.org/101880
osvdb.org/101881
osvdb.org/101882
osvdb.org/101883
osvdb.org/101884
osvdb.org/101885
packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
www.securityfocus.com/bid/64707
exchange.xforce.ibmcloud.com/vulnerabilities/90175
Related
