header-logo
Suggest Exploit
vendor:
Aeries Student Information System
by:
SecurityFocus
8.8
CVSS
HIGH
SQL-injection and HTML-injection
89, 79
CWE
Product Name: Aeries Student Information System
Affected Version From: 3.8.2.8
Affected Version To: 3.7.2.2
Patch Exists: YES
Related CWE: N/A
CPE: aeries:aeries_student_information_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Aeries Student Information System Multiple Input Validation Vulnerabilities

Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands or access data that is not intended to be accessed.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27924/info
   
Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data.
   
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
   
These issues affect Aeries Student Information System 3.8.2.8 and 3.7.2.2; other versions may also be affected.

http://www.example.com/GradebookStuScores.asp?GrdBk=SQL

Navigation

Suggest Exploit

Services By CQR