
centreVuln.txt

01 Jul 2004 00:00:00
Reported by Manip
Type: packetstorm
Source: packetstormsecurity.com

Centre is a free student management system with vulnerabilities enabling privilege escalation.

Code
`Summary: [www.miller-group.net] The Miller Group, Inc. announces the release   
of Centre, a free student information system for public and non-public   
schools. Centre is a web-based, open source, student management product with   
features that include scheduling, grade book, attendance, eligibility,   
transcripts, and more. And, of course, student and employee information   
screens are critical components of Centre.  
  
Version: 1.0  
  
Exploit: There is no sanity checking anywhere in Centre. In effect, an  
unprivileged user can change administrator options, which could lead to  
privilege escalation. This includes but is not limited to creating new  
accounts:  
  
http://demo.miller-group.net/index.php?modfunc=create_account&staff&username=admin&staff_id=new  
  
There is also improper checking in the modules.php file; this could allow PHP  
script injection. No validation is done on the module path.  
  
Fix: Disable Centre until an update is released (the problems are too  
extensive).  
`
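
The two checks the advisory reports as missing, sketched as an added example (this is not Centre's code and not from the advisory): a default-deny role check for actions such as `create_account`, and validation of a module path before it is included. `MODULE_ROOT`, `ACTION_ROLES`, the `profile` session key, the role names and the sample paths are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names, not Centre's: MODULE_ROOT, ACTION_ROLES, the 'profile' session key.
const MODULE_ROOT  = __DIR__ . '/modules';
const ACTION_ROLES = ['create_account' => ['admin']]; // action => roles allowed to run it

/** Return the real path of a requested module, or null if it must not be loaded. */
function resolve_module(string $requested, string $root = MODULE_ROOT): ?string
{
    // Shape check first: rejects URLs, stream wrappers, NUL bytes and "../" segments.
    if (!preg_match('#^[A-Za-z0-9_]+(/[A-Za-z0-9_]+)*\.php$#D', $requested)) {
        return null;
    }
    $rootReal = realpath($root);
    $target   = realpath($root . '/' . $requested);
    if ($rootReal === false || $target === false) {
        return null; // root or file does not exist
    }
    // realpath() follows symlinks, so confirm the result is still under the root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return null;
    }
    return $target;
}

/** Default-deny check: the role comes from the server-side session, never the request. */
function may_run(string $action, array $session): bool
{
    $allowed = ACTION_ROLES[$action] ?? [];
    return in_array($session['profile'] ?? '', $allowed, true);
}

// Constructed session and module paths for a logged-in, non-admin user.
$session = ['profile' => 'student'];
foreach (['create_account', 'unknown_action'] as $action) {
    printf("%-16s allowed=%s\n", $action, var_export(may_run($action, $session), true));
}
foreach (['grades/report.php', '../config.inc.php', 'http://example.test/x.php'] as $m) {
    printf("%-28s -> %s\n", $m, var_export(resolve_module($m), true));
}
```

A front controller would call `may_run()` before dispatching any `modfunc` value and pass only the return value of `resolve_module()` to `require`.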
