SHARE
TWEET

CVE-2019-14754

a guest Aug 8th, 2019 384 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. CVE-2019-14754
  2.  
  3. >[Description]
  4.  > Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
  5.  >
  6.  > ------------------------------------------
  7.  >
  8.  > [Vulnerability Type]
  9.  > SQL Injection
  10.  >
  11.  > ------------------------------------------
  12.  >
  13.  > [Vendor of Product]
  14.  > https://open-school.org
  15.  >
  16.  > ------------------------------------------
  17.  >
  18.  > [Affected Product Code Base]
  19.  > Open-School Community Edition - 2.3
  20.  > Open-School - 3.0
  21.  >
  22.  > ------------------------------------------
  23.  >
  24.  > [Attack Type]
  25.  > Remote
  26.  >
  27.  > ------------------------------------------
  28.  >
  29.  > [Impact Code execution]
  30.  > true
  31.  >
  32.  > ------------------------------------------
  33.  >
  34.  > [Impact Information Disclosure]
  35.  > true
  36.  >
  37.  > ------------------------------------------
  38.  >
  39.  > [Attack Vectors]
  40.  > inject SQL query in id parameter
  41.  >
  42.  > ------------------------------------------
  43.  >
  44.  > [Reference]
  45.  > https://open-school.org
  46.  
  47. CVE-2019-14754.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top