CVE-2014-1636
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Affected products
n/a · n/a
Public PoCs found: 13
cve_reference · packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html · unverified
exploitdb · www.exploit-db.com/exploits/38950 · unverified
exploitdb · www.exploit-db.com/exploits/38944 · unverified
exploitdb · www.exploit-db.com/exploits/38949 · unverified
exploitdb · www.exploit-db.com/exploits/38948 · unverified
exploitdb · www.exploit-db.com/exploits/38951 · unverified
exploitdb · www.exploit-db.com/exploits/38954 · unverified
exploitdb · www.exploit-db.com/exploits/38946 · unverified
exploitdb · www.exploit-db.com/exploits/38947 · unverified
exploitdb · www.exploit-db.com/exploits/38955 · unverified
exploitdb · www.exploit-db.com/exploits/38945 · unverified
exploitdb · www.exploit-db.com/exploits/38952 · unverified
exploitdb · www.exploit-db.com/exploits/38953 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.