eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
References
Link | Resource |
---|---|
https://zeroday.hitcon.org/vulnerability/ZD-2019-00333 | Exploit Third Party Advisory |
http://surl.twcert.org.tw/eBDZP | Third Party Advisory |
https://tvn.twcert.org.tw/taiwanvn/TVN-201904005 | Third Party Advisory |
Configurations
Information
Published : 2019-07-25 10:15
Updated : 2019-10-09 16:53
NVD link : CVE-2019-9885
Mitre link : CVE-2019-9885
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
eclass
- eclass_ip