Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote malicious users to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
focus sis focus sis 1.0 |
||
focus sis focus sis 2.2 |