Course MS Cross Site Scripting, SQL Injection And Local File Include Vulnerabilities Network Vulnerability

Summary

Course Registration Management System is prone to multiple input- validation vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities 2. An SQL-injection vulnerability 3. A local file-include vulnerability Exploiting these issues could allow an attacker to execute arbitrary script code and PHP code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Course Registration Management System 2.1 is vulnerable other versions may also be affected.

References

http://sourceforge.net/projects/coursems/
https://www.securityfocus.com/bid/46495

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ASP-Dev XM Event Diary Multiple Vulnerabilities
Astium VoIP PBX SQL Injection Vulnerability
A Really Simple Chat Multiple SQL Injection Vulnerabilities
Apache Tomcat /servlet Cross Site Scripting
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities

Course MS Cross Site Scripting, SQL Injection and Local File Include Vulnerabilities

Take action and discover your vulnerabilities