Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
CPE | Name | Operator | Version |
---|---|---|---|
command_school_student_management_system | eq | 1.06.01 |