
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2024 — An issue in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27713-protection-mechanism-failure-in-eskooly-web-product-less-than-v3.0 • CWE-693: Protection Mechanism Failure

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2024 — SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27709-sql-injection-in-eskooly-web-product-v.3.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2024 — Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27716-cross-site-scripting-xss-in-eskooly-web-product-less-than-v3.0 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2024 — Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2024 — An issue in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. • https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0 • CWE-620: Unverified Password Change