SQL Injection Vulnerability in SchoolBoard Admin Panel
CVE-2007-2626

Currently unrated

Key Information:

Vendor: Free PHP Scripts
Status: Schoolboard
Vendor: CVE Published:; 11 May 2007

What is CVE-2007-2626?

The vulnerability in the SchoolBoard application arises from insufficient validation of input parameters in the admin.php file. Attackers can exploit this flaw to execute arbitrary SQL commands, leveraging uncontrolled input from the parameters intended for user authentication. While initial reports indicated potential exposure through username and password fields, further scrutiny reveals that only the password parameter is directly involved in the vulnerability. This can lead to unauthorized access or manipulation of the underlying database.

References

http://www.securityfocus.com/archive/1/467486/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/23798

vdb-entryx_refsource_BID

http://osvdb.org/36162

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 11, 2007
Vulnerability Reserved
May 11, 2007

Free PHP Scripts

What is CVE-2007-2626?

References

Timeline