CVE-2014-1915

Name of the Vulnerable Software and Affected Versions Command School Student Management System version 1.06.01

Description The issue affects the Command School Student Management System, allowing remote attackers to exploit multiple cross-site request forgery (CSRF) vulnerabilities. This can lead to the hijacking of administrator authentication for changing passwords via the "sw/admin change password.php" API endpoint or adding topics and blog entries to "sw/add topic.php".

Recommendations For Command School Student Management System version 1.06.01, consider disabling access to the sw/admin change password.php and sw/add topic.php API endpoints until a patch is available to prevent exploitation. Restrict the use of these endpoints to minimize the risk of authentication hijacking.