[] NeoSense
E X P L O I T S
title author type platform port cve id

Powerschool 4.3.6/5.1.2 - JavaScript File Request Information Disclosure

Author: gheetotank
type: webapps
platform: php
port: 
date_added: 2007-02-19 
date_updated: 2013-11-16 
verified: 1 
codes: CVE-2007-1044;OSVDB-33741 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/22611/info

Powerschool is prone to an information-disclosure vulnerability because the application discloses information about administrative session variables.

An attacker can exploit these issue to obtain sensitive information that may aid in other attacks.

This issue affects Powerschool 4.3.6; other versions may also be affected.

UPDATE: Powerschool 5.1.2 is also reportedly affected by this issue, in a limited fashion.

http://www.example.com/admin/.js
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.