2146 matches found
Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference
Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...
LearnPress < 4.2.7.4 - Course Material - Information Disclosure
LearnPress – WordPress LMS Plugin contains a sensitive information exposure caused by insecure handling in class-lp-rest-material-controller.php, letting unauthenticated attackers extract paid course material, exploit requires no authentication. id: CVE-2024-11868 info: name: LearnPress 4.2.7.4 -...
CVE-2026-14772 SourceCodester Class and Exam Timetabling System edit_course1.php sql injection
A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /editcourse1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2026-14772
CVE-2026-14772 affects SourceCodester Class and Exam Timetabling System 1.0/1.php. The vulnerability is a SQL injection in the edit_course1.php file, triggered by manipulating the ID parameter, indicating an unsafe query construction in that function. The issue is exploitable remotely and the pub...
CVE-2026-14641
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...
CVE-2026-14641 SourceCodester Class and Exam Timetabling System edit_course.php sql injection
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...
EUVD-2026-41689
A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /editcourse.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit h...
CVE-2026-14641
SourceCodester Class and Exam Timetabling System 1.0 is affected by a SQL injection in the unknown functionality of /edit_course.php, triggered by manipulating the ID parameter. The vulnerability can be exploited remotely and has publicly disclosed exploits. The exact affected component, impact s...
PT-2026-55724
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An issue exists in the /edit course.php endpoint where manipulation of the ID variable allows for remote SQL injection. SQL injection is a technique where malicious SQL...
CVE-2026-5348
The CVE concerns the WordPress plugin Academy LMS (WordPress LMS Plugin for Complete eLearning Solution) up to version 3.8.1. The root cause is the REST API endpoint /topics being registered with a permission callback of __return_true, which permits unauthenticated access to course curriculum dat...
CVE-2026-5348 Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...
CVE-2026-5348
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...
EUVD-2026-40906
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.9.1 via the 'userId' parameter due to missing validation on a user controlled key. This makes it possible for...
CVE-2026-13566
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-13566
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
EUVD-2026-40077
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /preview3.php. The manipulation of the argument courseyearsection leads to sql injection. The attack may be initiated remotely. The exploit is...
CVE-2026-13566
SourceCodester Class and Exam Timetabling System 1.0 contains an SQL injection in the /preview3.php script triggered by manipulating the course_year_section parameter. The issue is exploitable remotely, with a publicly available exploit. The provided documents do not specify the vulnerable hostin...
EUVD-2026-40024
A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /preview4.php. Such manipulation of the argument courseyearsection leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-13527
CVE-2026-13527 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is in an unknown function within /preview4.php where manipulating the argument course_year_section enables SQL injection. The attack can be launched remotely, and the exploit has been disclosed publicly...
CVE-2026-13521
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument courseyearsection leads to sql injection. The attack may be performed from remote...