CVE-2014-1637

Опубликовано: 22 янв. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.

Ссылки

http://osvdb.org/101888
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
http://www.securityfocus.com/bid/64707
http://osvdb.org/101888
http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
http://www.securityfocus.com/bid/64707

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.0638

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-8pgq-587r-5r5g

github

больше 3 лет назад