Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- CVE-2019-14754
- >[Description]
- > Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > SQL Injection
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > https://open-school.org
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > Open-School Community Edition - 2.3
- > Open-School - 3.0
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Code execution]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > inject SQL query in id parameter
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://open-school.org
- CVE-2019-14754.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement