CVE-2009-2598
- EPSS 0.17%
- Veröffentlicht 27.07.2009 14:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute...
CVE-2009-2037
- EPSS 3.02%
- Veröffentlicht 12.06.2009 18:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOB...
CVE-2009-0452
- EPSS 0.17%
- Veröffentlicht 10.02.2009 07:00:23
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.
- EPSS 5.37%
- Veröffentlicht 10.02.2009 07:00:23
- Zuletzt bearbeitet 09.04.2025 00:30:58
Online Grades 3.2.4 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2009-0479
- EPSS 0.15%
- Veröffentlicht 09.02.2009 01:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the detail...