3 matches found
Design/Logic Flaw
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action...
CVE-2012-1670
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action...
CVE-2012-1670
The CVE describes an unauthenticated SQL database export vulnerability in PHP Grade Book (admin/index.php) present in versions before 1.9.5 BETA. The flaw allows an attacker to read/export the entire application database via the SaveSQL action, due to session handling that enables privileged acce...