19 lines
No EOL
978 B
Text
19 lines
No EOL
978 B
Text
source: http://www.securityfocus.com/bid/64720/info
|
|
|
|
Dredge School Administration System is prone to the following security vulnerabilities:
|
|
|
|
1. An SQL-injection vulnerability
|
|
2. A cross-site request forgery vulnerability
|
|
3. A cross-site scripting vulnerability
|
|
4. An information-disclosure vulnerability
|
|
5. A security-bypass vulnerability
|
|
|
|
Exploiting these issues could allow an attacker to execute arbitrary script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, obtain sensitive information or bypass certain security restrictions to perform unauthorized actions.
|
|
|
|
Dredge School Administration System 1.0 is vulnerable; other versions may also be affected.
|
|
|
|
<html>
|
|
<title>Iphobos Blog</title>
|
|
<label><a href="http://www.example.com/DSM/loader.php?load=data export
|
|
send&tableid=3" class="button white">Export Accounts</a></label>
|
|
</html> |