Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and previous versions allow (1) remote malicious users to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onlinegrades online grades 3.2.6 |