CVE-2009-2598
Published 2009-07-27
Priority: P3, 35, medium, 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.89% (55.0th percentile)
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| onlinegrades | online_grades | — | — |
No detection rules found.
Exploit-DB
Online Grades & Attendance 3.2.6 - Blind SQL Injection
exploitdb·2009-06-02
Exploit-DB
Online Grades & Attendance 3.2.6 - Multiple SQL Injections
exploitdb·2009-06-01
---
WEB: http://www.onlinegrades.org/
DOWNLOAD: http://www.onlinegrades.org/
DEMO: http://www.onlinegrades.org/demo_info
CATEGORY: CMS / Education
DESCRIPTION: Online Grades is based on the project, Bas
No writeups or analysis indexed.