4 matches found
CVE-2014-1914
The CVE-2014-1914 entry describes multiple XSS vulnerabilities in the Command School Student Management System (version 1.06.01). The affected components are the web pages sw/add_topic.php (topic parameter) and sw/chat/message.php (nick parameter), where unsanitized input can be reflected to user...
CVE-2014-1636
CVE-2014-1636 describes multiple SQL injection vulnerabilities in the Command School Student Management System 1.06.01 . The flaw allows remote attackers to execute arbitrary SQL commands by manipulating the id parameter in an edit action across multiple admin pages (admin_school_names.php, admin...
CVE-2014-1915
CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...
CVE-2014-1637
CVE-2014-1637 affects Command School Student Management System 1.06.01. The issue is an improper access restriction on sw/backup/backup_ray2.php, allowing remote attackers to download a database backup via a direct request. Public exposure is indicated by referenced exploit information (Exploit-D...