CVE-2008-6618

CVE-2008-6618 affects ClassSystem 2.3. The vulnerability consists of multiple SQL injection flaws allowing remote attackers to execute arbitrary SQL commands via the teacher_id parameter in class/HomepageMain.php and class/HomepageTop.php, and via the message_id parameter in class/MessageReply.ph...

CVE-2008-6619

CVE-2008-6619 affects ClassSystem 2.3, via an unrestricted file upload vulnerability in class/ApplyDB.php that allows remote attackers to execute arbitrary code by uploading a file with an executable extension and accessing it through a direct request to the file in class/UploadHomepage/. The con...