CVE-2007-1044

Pearson Education PowerSchool <5.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1044. PoCs published by gheetotank.

AI-analyzed exploit summary The exploit describes an information disclosure vulnerability in PowerSchool where administrative session variables are exposed via a specific URL. This can aid attackers in further exploits.

Description

Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.

Exploits (1)

exploitdb WRITEUP VERIFIED
by gheetotank · textwebappsphp
https://www.exploit-db.com/exploits/29615

The exploit describes an information disclosure vulnerability in PowerSchool where administrative session variables are exposed via a specific URL. This can aid attackers in further exploits.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PowerSchool 4.3.6, 5.1.2
No auth needed
Prerequisites: Access to the target URL
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33741
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2276
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32569
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484569/100/200/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22611
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/460533/100/0/threaded

Scores

EPSS 0.0854
EPSS Percentile 94.4%

Details

CWE
CWE-200
Status published
Products (1)
pearson_education/powerschool 4.3.6
Published Feb 21, 2007
Tracked Since Feb 18, 2026