Lucene search
K
Doug PoulinCommand School Student Management System

4 matches found

CVE
CVE
added 2014/02/07 3:0 p.m.57 views

CVE-2014-1914

The CVE-2014-1914 entry describes multiple XSS vulnerabilities in the Command School Student Management System (version 1.06.01). The affected components are the web pages sw/add_topic.php (topic parameter) and sw/chat/message.php (nick parameter), where unsanitized input can be reflected to user...

4.3CVSS5.9AI score0.01327EPSS
CVE
CVE
added 2014/01/22 7:0 p.m.56 views

CVE-2014-1636

CVE-2014-1636 describes multiple SQL injection vulnerabilities in the Command School Student Management System 1.06.01 . The flaw allows remote attackers to execute arbitrary SQL commands by manipulating the id parameter in an edit action across multiple admin pages (admin_school_names.php, admin...

7.5CVSS8.9AI score0.03796EPSS
CVE
CVE
added 2014/02/07 3:0 p.m.45 views

CVE-2014-1915

CVE-2014-1915 affects Command School Student Management System 1.06.01 and involves Multiple CSRF vulnerabilities. The described flaws allow remote attackers to hijack admin authentication for password changes via sw/admin_change_password.php and to perform add_topic.php actions (adding a topic o...

6.8CVSS7.7AI score0.02468EPSS
CVE
CVE
added 2014/01/22 7:0 p.m.42 views

CVE-2014-1637

CVE-2014-1637 affects Command School Student Management System 1.06.01. The issue is an improper access restriction on sw/backup/backup_ray2.php, allowing remote attackers to download a database backup via a direct request. Public exposure is indicated by referenced exploit information (Exploit-D...

5CVSS6.9AI score0.06943EPSS