CVE-2014-1636

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Configurations

Configuration 1 (hide)

cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type Values Removed Values Added
References () http://osvdb.org/101874 - () http://osvdb.org/101874 -
References () http://osvdb.org/101875 - () http://osvdb.org/101875 -
References () http://osvdb.org/101876 - () http://osvdb.org/101876 -
References () http://osvdb.org/101877 - () http://osvdb.org/101877 -
References () http://osvdb.org/101878 - () http://osvdb.org/101878 -
References () http://osvdb.org/101879 - () http://osvdb.org/101879 -
References () http://osvdb.org/101880 - () http://osvdb.org/101880 -
References () http://osvdb.org/101881 - () http://osvdb.org/101881 -
References () http://osvdb.org/101882 - () http://osvdb.org/101882 -
References () http://osvdb.org/101883 - () http://osvdb.org/101883 -
References () http://osvdb.org/101884 - () http://osvdb.org/101884 -
References () http://osvdb.org/101885 - () http://osvdb.org/101885 -
References () http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit () http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit
References () http://www.securityfocus.com/bid/64707 - () http://www.securityfocus.com/bid/64707 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/90175 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/90175 -

Information

Published : 2014-01-22 19:55

Updated : 2024-11-21 02:04


NVD link : CVE-2014-1636

Mitre link : CVE-2014-1636

CVE.ORG link : CVE-2014-1636


JSON object : View

Products Affected

doug_poulin

  • command_school_student_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')