Lucene search

K
exploitdbAtT4CKxT3rR0r1STEDB-ID:38946
HistoryJan 07, 2014 - 12:00 a.m.

Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection

2014-01-0700:00:00
AtT4CKxT3rR0r1ST
www.exploit-db.com
16
sql injection
cross-site request forgery
cross-site scripting
html injection
security-bypass
command school student management system

AI Score

7.4

Confidence

Low

source: https://www.securityfocus.com/bid/64707/info
  
Command School Student Management System is prone to the following security vulnerabilities:
  
1. Multiple SQL-injection vulnerabilities
2. A cross-site request forgery vulnerability
3. A cross-site scripting vulnerability
4. An HTML injection vulnerability
5. A security-bypass vulnerability
  
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
  
Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 

http://www.example.com/sw/admin_school_years.php?action=edit&id=null+and+1=2+union+select+version()

AI Score

7.4

Confidence

Low

Related for EDB-ID:38946