CVE-2014-1915

Published: 07/02/2014 Updated: 21/02/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote malicious users to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.

Vulnerable Product

doug poulin command school student management system 1.06.01

Exploits

Source: www.securityfocus.com/bid/64707/info

Command School Student Management System is prone to the following security vulnerabilities:

1. Multiple SQL-injection vulnerabilities
2. A cross-site request forgery vulnerability
3. A cross-site scripting vulnerability
4. An HTML injection vulnerability
5. A security- ...