CVE-2014-1637

Published: Jan 22, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.

Affected (1)

Products: Doug Poulin: Command School Student Management System

Doug Poulin

1 product

Command School Student Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Doug Poulin Command School Student Management System	Version 1.06.01

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://osvdb.org/101888

Source: cve@mitre.org

http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/64707

Source: cve@mitre.org

http://osvdb.org/101888

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/64707

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.