Vulnerabilities for Ommand school student management system (...) - CXSECURITY.COM

Vulnerabilities for
'Ommand school student management system'

2014-01-22

CVE-2014-1637

CWE-200

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.

CVE-2014-1636

CWE-89

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

>>> Vendor: Doug poulin 2 Products

Ommand school student management system

Command school student management system

Copyright 2024, cxsecurity.com