Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-1636

Published: 22/01/2014 Updated: 30/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 810
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Command School Student Management System

Vulnerability Summary

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote malicious users to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

Vulnerable Product Search on Vulmon Subscribe to Product

doug poulin command school student management system 1.06.01

Exploits

Exploit DB: Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerability ...
Exploit DB: Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnera ...
Exploit DB: Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerability Expl ...
Exploit DB: Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulne ...
Exploit DB: Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass v ...
Exploit DB: Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vul ...
Exploit DB: Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerability ...
Exploit DB: Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypa ...
Exploit DB: Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass ...
Exploit DB: Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerability E ...
Exploit DB: Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerabili ...
Exploit DB: Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1 Multiple SQL-injection vulnerabilities 2 A cross-site request forgery vulnerability 3 A cross-site scripting vulnerability 4 An HTML injection vulnerability 5 A security-bypass vulnerabi ...

References

CWE-89http://osvdb.org/101882http://osvdb.org/101877http://osvdb.org/101884http://osvdb.org/101875http://osvdb.org/101883http://osvdb.org/101874http://osvdb.org/101876http://osvdb.org/101879http://osvdb.org/101880http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.htmlhttp://osvdb.org/101878http://osvdb.org/101881http://osvdb.org/101885http://www.securityfocus.com/bid/64707https://exchange.xforce.ibmcloud.com/vulnerabilities/90175https://nvd.nist.govhttps://www.exploit-db.com/exploits/38947/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook