6 matches found
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
Sql injection
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2021-3262
CVE-2021-3262 affects TripSpark VEO Transportation (version 2.2.x) and NovusEDU (2.2.x XP_BB-20201123-184084). Root cause: unsafe data inputs in POST body parameters not sanitized server-side, enabling SQL injection in the Student Busing Information search queries. Impact stated as SQL commands c...