CVE-2009-2598
- EPSS 0.89%
- Veröffentlicht 27.07.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:47
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute...
CVE-2009-2037
- EPSS 2.12%
- Veröffentlicht 12.06.2009 18:00:00
- Zuletzt bearbeitet 16.06.2026 23:08:37
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOB...
CVE-2009-0452
- EPSS 1.94%
- Veröffentlicht 10.02.2009 07:00:23
- Zuletzt bearbeitet 16.06.2026 23:05:04
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.
- EPSS 2.62%
- Veröffentlicht 10.02.2009 07:00:23
- Zuletzt bearbeitet 16.06.2026 23:05:04
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2009-0479
- EPSS 0.91%
- Veröffentlicht 09.02.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:07
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the detail...