CyberSec.Space Logo
Back to CVE Browser

CVE-2019-11196

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0200%
EPSS Percentile27.08th
PublishedApr 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password field. If exploited, the attackers could perform any actions with administrator privileges (e.g., enumerate/delete all the students' personal information or modify various settings).

Affected Platforms (CPE)

📦
Vpcsbd

Integrated University Management System

All versions

References & Advisories

🔗 https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/
🔗 https://blog.ziaurrashid.com/sql-injection-auth-bypass-on-iums/

Related Vulnerabilities

CVE-2018-26305.4

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...