CVE-2014-1636
Published: 2014-01-22
Priority: P3 · 51 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 3.91% (89.0th percentile)
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| doug_poulin | command_school_student_management_system | — | — |
No detection rules found.
Exploit-DB
Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection
exploitdb·2014-01-07
---
source: https://www.securityfocus.com/bid/64707/info
Command School Student Management System is prone to the following security vulnerabilities:
1. Multiple SQL-injection vulnerabilities
2. A cross-site request forgery vulnerability
3. A cross-site scripting vulnerability
4. An HTML injection vulnerability
5. A security-bypass vulnerability
Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
Command School Student Management System 1.0
Exploit-DB
Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection
exploitdb·2014-01-07
Exploit-DB
Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection
exploitdb·2014-01-07
http://osvdb.org/101874
http://osvdb.org/101875
http://osvdb.org/101876
http://osvdb.org/101877
http://osvdb.org/101878
http://osvdb.org/101879
http://osvdb.org/101880
http://osvdb.org/101881
http://osvdb.org/101882
http://osvdb.org/101883
http://osvdb.org/101884
http://osvdb.org/101885
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
http://www.securityfocus.com/bid/64707
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
Published: 2014-01-22