TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the “Student Busing Information” search queries.
CPE | Name | Operator | Version |
---|---|---|---|
novusedu | eq | 2.2.0-xxpbb20201123184084 | |
veo_transportation | eq | 2.2.0-xxpbb20201123184084-os |