2 matches found
Pearson eSIS Enterprise Student Information System SQL Injection
Advisory ID: hag201478 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Improper Neutralization of Special...
CVE-2014-1455
Pearson eSIS Enterprise Student Information System (vendor Pearson VUE) is affected by CVE-2014-1455 due to an SQL injection in the password-reset function. The vulnerability involves unsanitized input in the new password being used in an ALTER USER/SQL context, enabling an attacker to execute ar...