3 matches found
WPSchoolPress < 2.2.5 - Teacher+ SQLi
Description The plugin uses the WordPress escsql function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. 1. Install the WPSchoolpress plugin and Import Demo Data. 2. Log in as a teache...
ClassSystem 2.02.3 - MessageReply.php?teacher_id SQL Injection
ClassSystem 2.02.3 - MessageReply.php?teacherid SQL Injection source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection...
ClassSystem 2.0/2.3 - 'HomepageMain.php?teacher_id' SQL Injection
source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability. Exploiting...