Unrated severityNVD Advisory· Published Jan 22, 2014· Updated Jun 17, 2026
CVE-2014-1636
CVE-2014-1636
Description
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*
- Range: =1.06.01
Patches
Vulnerability mechanics
References
15- packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.htmlnvdExploit
- osvdb.org/101874nvd
- osvdb.org/101875nvd
- osvdb.org/101876nvd
- osvdb.org/101877nvd
- osvdb.org/101878nvd
- osvdb.org/101879nvd
- osvdb.org/101880nvd
- osvdb.org/101881nvd
- osvdb.org/101882nvd
- osvdb.org/101883nvd
- osvdb.org/101884nvd
- osvdb.org/101885nvd
- www.securityfocus.com/bid/64707nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/90175nvd
News mentions
0No linked articles in our index yet.