First published: Thu Aug 08 2019(Updated: )
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-school Open-school | =2.3 | |
Open-school Open-school | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14754 is a vulnerability in Open-School 3.0 and Community Edition 2.3 that allows SQL Injection via the index.php?r=students/students/document id parameter.
CVE-2019-14754 has a severity rating of 9.8, which is considered critical.
Open-School versions 2.3 and 3.0, both the Community Edition, are affected by CVE-2019-14754.
SQL Injection in Open-School can be exploited by manipulating the 'document id' parameter in the URL 'index.php?r=students/students'.
At the moment, there is no official fix available for CVE-2019-14754. It is recommended to apply updates or patches from the software vendor when they are released.