Vendor: School Management Software
By: İhsan Şencan
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: School Management Software
Affected Version From: v2.75
Affected Version To: v2.75
Patch Exists: NO
Related CWE: N/A
CPE: a:itechscripts:school_management_software
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

School Management Software v2.75 – SQL Injection Web Vulnerability

School Management Software v2.75 is vulnerable to SQL injection: an attacker can inject malicious SQL queries via the 'aid' parameter of the 'notice-edit.php' file. Other files may also be vulnerable.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
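
One way to apply this mitigation to an integer identifier such as 'aid', shown as an added example (not code from the vendor or the original advisory): the value is strictly validated and then bound as a parameter in a prepared statement, so it never becomes part of the SQL text. The `notice` table, its columns and `fetchNotice()` are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's data
// (hypothetical table and column names; requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE notice (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO notice (id, title) VALUES (1, 'Exam schedule'), (2, 'Holiday')");

// Vulnerable pattern, for contrast only (not executed): the request value is
// concatenated into the statement, so its content is parsed as SQL.
//   $sql = "SELECT id, title FROM notice WHERE id = " . $_GET['aid'];

/**
 * Hardened lookup (hypothetical helper): strict integer validation, then a
 * bound parameter. Returns the row, or null if the id is invalid or unknown.
 */
function fetchNotice(PDO $pdo, $rawAid): ?array
{
    // Accept only 1-9 digit positive integers without leading zeros. This
    // rejects arrays (aid[]=1), empty strings, signs, whitespace and any
    // trailing text. \A and \z anchor the whole value, including newlines.
    if (!is_string($rawAid) || preg_match('/\A[1-9][0-9]{0,8}\z/', $rawAid) !== 1) {
        return null;
    }

    // The id travels as typed data, separate from the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM notice WHERE id = :aid');
    $stmt->bindValue(':aid', (int) $rawAid, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: valid ids, an unknown id, and malformed values that a
// request handler would answer with HTTP 400 instead of querying.
$samples = ['1', '2', '999', '', '01', '-1', "1'", '1 OR 1=1', ['1']];
foreach ($samples as $aid) {
    $row = fetchNotice($pdo, $aid);
    printf("%-12s => %s\n", json_encode($aid), $row === null ? 'rejected or not found' : $row['title']);
}
```

The same pattern applies to every file that passes a request parameter into a query; for non-numeric values the prepared statement alone provides the separation between data and SQL.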

Exploit-DB raw data:

# # # # # 
# Vulnerability: School Management Software v2.75 - SQL Injection Web Vulnerability
# Google Dork: School Management Software
# Date:11.01.2017
# Vendor Homepage: http://itechscripts.com/school-management-software/
# Script Name: School Management Software
# Script Version: v2.75
# Script Buy Now: http://itechscripts.com/school-management-software/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# 
# SQL Injection/Exploit :
# http://localhost/[PATH]//notice-edit.php?aid=[SQL]
# E.t.c.... Other files, too. There are security vulnerabilities.
# # # # #