CVE-2014-1636

critical

Description

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90175

http://www.securityfocus.com/bid/64707

http://osvdb.org/101885

http://osvdb.org/101884

http://osvdb.org/101883

http://osvdb.org/101882

http://osvdb.org/101881

http://osvdb.org/101880

http://osvdb.org/101879

http://osvdb.org/101878

http://osvdb.org/101877

http://osvdb.org/101876

http://osvdb.org/101875

http://osvdb.org/101874

Details

Source: Mitre, NVD

Published: 2014-01-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.07256