CVE-2014-1636

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/101874
http://osvdb.org/101875
http://osvdb.org/101876
http://osvdb.org/101877
http://osvdb.org/101878
http://osvdb.org/101879
http://osvdb.org/101880
http://osvdb.org/101881
http://osvdb.org/101882
http://osvdb.org/101883
http://osvdb.org/101884
http://osvdb.org/101885
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html	Exploit
http://www.securityfocus.com/bid/64707
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
http://osvdb.org/101874
http://osvdb.org/101875
http://osvdb.org/101876
http://osvdb.org/101877
http://osvdb.org/101878
http://osvdb.org/101879
http://osvdb.org/101880
http://osvdb.org/101881
http://osvdb.org/101882
http://osvdb.org/101883
http://osvdb.org/101884
http://osvdb.org/101885
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html	Exploit
http://www.securityfocus.com/bid/64707
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175

Configurations

Configuration 1 (hide)

cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://osvdb.org/101874 -~~	() http://osvdb.org/101874 -
References	~~() http://osvdb.org/101875 -~~	() http://osvdb.org/101875 -
References	~~() http://osvdb.org/101876 -~~	() http://osvdb.org/101876 -
References	~~() http://osvdb.org/101877 -~~	() http://osvdb.org/101877 -
References	~~() http://osvdb.org/101878 -~~	() http://osvdb.org/101878 -
References	~~() http://osvdb.org/101879 -~~	() http://osvdb.org/101879 -
References	~~() http://osvdb.org/101880 -~~	() http://osvdb.org/101880 -
References	~~() http://osvdb.org/101881 -~~	() http://osvdb.org/101881 -
References	~~() http://osvdb.org/101882 -~~	() http://osvdb.org/101882 -
References	~~() http://osvdb.org/101883 -~~	() http://osvdb.org/101883 -
References	~~() http://osvdb.org/101884 -~~	() http://osvdb.org/101884 -
References	~~() http://osvdb.org/101885 -~~	() http://osvdb.org/101885 -
References	~~() http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit~~	() http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit
References	~~() http://www.securityfocus.com/bid/64707 -~~	() http://www.securityfocus.com/bid/64707 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/90175 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/90175 -

Information

Published : 2014-01-22 19:55

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1636

Mitre link : CVE-2014-1636

CVE.ORG link : CVE-2014-1636

JSON object : View

Products Affected

doug_poulin

command_school_student_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10