Unrated severityNVD Advisory· Published Jan 22, 2014· Updated Apr 29, 2026

CVE-2014-1636

Description

Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.

Affected products

Doug Poulin/Command School Student Management System
cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.htmlnvdExploit
osvdb.org/101874nvd
osvdb.org/101875nvd
osvdb.org/101876nvd
osvdb.org/101877nvd
osvdb.org/101878nvd
osvdb.org/101879nvd
osvdb.org/101880nvd
osvdb.org/101881nvd
osvdb.org/101882nvd
osvdb.org/101883nvd
osvdb.org/101884nvd
osvdb.org/101885nvd
www.securityfocus.com/bid/64707nvd
exchange.xforce.ibmcloud.com/vulnerabilities/90175nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000