2 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of 1 administrators for requests that change the administrator password via an update action to sw/adminchangepassword.php or 2...
CVE-2014-1915
CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...