CVE-2008-1549

EUVD-2008-1550
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
aeriesaeries_student_information_system
3.8.3.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29533
http://securityreason.com/securityalert/3787
http://www.securityfocus.com/archive/1/490033/100/0/threaded
http://www.securityfocus.com/bid/28436
https://exchange.xforce.ibmcloud.com/vulnerabilities/41429
http://secunia.com/advisories/29533
http://securityreason.com/securityalert/3787
http://www.securityfocus.com/archive/1/490033/100/0/threaded
http://www.securityfocus.com/bid/28436
https://exchange.xforce.ibmcloud.com/vulnerabilities/41429