mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1.0 KiB
1.0 KiB
CVE-2014-1636
Description
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
POC
Reference
Github
No PoCs found on GitHub currently.