CVE-2014-1636
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
Exploits (12)
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38953
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38952
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38945
exploitdb
WORKING POC
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38955
exploitdb
WORKING POC
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38947
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38946
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38954
exploitdb
WORKING POC
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38951
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38948
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38949
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38944
exploitdb
WRITEUP
VERIFIED
by AtT4CKxT3rR0r1ST · text · webapps · php
https://www.exploit-db.com/exploits/38950
References (15)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101879
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101884
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101883
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101885
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101874
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101881
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101878
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90175
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101877
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64707
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101880
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101882
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101876
Exploit x_refsource_misc
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101875
Scores
EPSS
0.0354
EPSS Percentile
87.7%
Details
CWE
CWE-89
Status
published
Products (1)
doug_poulin/command_school_student_management_system
1.06.01
Published
Jan 22, 2014
Tracked Since
Feb 18, 2026