Guest User

CVE-2019-14754

a guest
Aug 8th, 2019
928
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. CVE-2019-14754
  2.  
  3. >[Description]
  4. > Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
  5. >
  6. > ------------------------------------------
  7. >
  8. > [Vulnerability Type]
  9. > SQL Injection
  10. >
  11. > ------------------------------------------
  12. >
  13. > [Vendor of Product]
  14. > https://open-school.org
  15. >
  16. > ------------------------------------------
  17. >
  18. > [Affected Product Code Base]
  19. > Open-School Community Edition - 2.3
  20. > Open-School - 3.0
  21. >
  22. > ------------------------------------------
  23. >
  24. > [Attack Type]
  25. > Remote
  26. >
  27. > ------------------------------------------
  28. >
  29. > [Impact Code execution]
  30. > true
  31. >
  32. > ------------------------------------------
  33. >
  34. > [Impact Information Disclosure]
  35. > true
  36. >
  37. > ------------------------------------------
  38. >
  39. > [Attack Vectors]
  40. > inject SQL query in id parameter
  41. >
  42. > ------------------------------------------
  43. >
  44. > [Reference]
  45. > https://open-school.org
  46.  
  47. CVE-2019-14754.
RAW Paste Data