centreVuln.txt

2004-07-01T00:00:00
ID PACKETSTORM:33691
Type packetstorm
Reporter Manip
Modified 2004-07-01T00:00:00

Description

                                        
                                            `Summary: [www.miller-group.net] The Miller Group, Inc. announces the release   
of Centre, a free student information system for public and non-public   
schools. Centre is a web-based, open source, student management product with   
features that include scheduling, grade book, attendance, eligibility,   
transcripts, and more. And, of course, student and employee information   
screens are critical components of Centre.  
  
Version: 1.0  
  
Exploit: There is no sanity checking anywhere in Centre. In effect an   
unprivileged user can change administrator options and could lead to   
privilege escalation. This includes but is not limited to creating new   
accounts:  
  
http://demo.miller-group.net/index.php?modfunc=create_account&staff&username=admin&staff_id=new  
  
There is also improper checking in the modules.php file this could allow PHP   
script injection. No validation is done on the module path.  
  
Fix: Disable centre until an update is released (the problems are too   
extensive).   
`