CVE-2014-1636

Command School Student Management System 1.06.01 - SQL Injection


Exploitation Summary

EIP tracks 12 public exploits for CVE-2014-1636. PoCs published by AtT4CKxT3rR0r1ST.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload for version disclosure but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

Exploits (12)

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38953

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload for version disclosure but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38952

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38945

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38955

The exploit demonstrates a SQL injection vulnerability in Command School Student Management System by injecting a UNION-based SQL query to retrieve the database version. The provided URL example shows how an attacker can manipulate the 'id' parameter to execute arbitrary SQL commands.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable URL endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38947

The exploit demonstrates a SQL injection vulnerability in Command School Student Management System by injecting a UNION-based payload to retrieve the database version. It is a straightforward example of exploiting improper input validation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38946

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38954

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38951

The exploit demonstrates a SQL injection vulnerability in Command School Student Management System by injecting a UNION-based SQL query to retrieve the database version. The PoC includes a crafted URL that exploits the vulnerability in the 'admin_relations.php' endpoint.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the target application's URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38948

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38949

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload for version disclosure but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38944

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload for exploiting the vulnerability.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38950

The provided text describes multiple vulnerabilities in Command School Student Management System, including SQL injection, CSRF, XSS, HTML injection, and security bypass. It includes a sample SQL injection payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Command School Student Management System 1.06.01
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101879
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101884
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101883
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101885
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101874
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101881
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101878
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101877
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64707
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101880
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101882
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101876
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101875

Scores

EPSS 0.0391
EPSS Percentile 88.9%

Details

CWE
CWE-89
Status published
Products (1)
doug_poulin/command_school_student_management_system 1.06.01
Published Jan 22, 2014
Tracked Since Feb 18, 2026