SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password.
References
Configurations
History
21 Nov 2024, 02:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/531751/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/66689 - |
Information
Published : 2014-04-10 20:29
Updated : 2024-11-21 02:04
NVD link : CVE-2014-1455
Mitre link : CVE-2014-1455
CVE.ORG link : CVE-2014-1455
JSON object : View
Products Affected
pearson
- esis_enterprise_student_information_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')