Lucene search
K

3644 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 p.m.5 views

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 4:31 p.m.11 views

CVE-2017-20274

CVE-2017-20274 affects Joomla LMS King Professional 3.2.4.0. It enables unauthenticated SQL injection via the cp_id parameter in index.php when using option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath, allowing manipulation of queries and extraction of sensitive database...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:31 p.m.4 views

EUVD-2017-19001

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-50955

Name of the Vulnerable Software and Affected Versions Joomla LMS King Professional version 3.2.4.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-40456

An OS Command Injection vulnerability exists in LMS LAN Management System before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

8.6CVSS0.00947EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:58 a.m.5 views

CVE-2026-40457

A Reflected Cross-Site Scripting XSS vulnerability exists in LMS LAN Management System before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

8.6CVSS5.3AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 10:58 a.m.17 views

CVE-2026-40457

The CVE-2026-40457 entry describes a Reflected XSS in LMS (LAN Management System) prior to commit 9c5651b in the dbrecover.php and netremap.php modules, where unsanitized GET parameters are embedded into HTML output. This enables an attacker to inject arbitrary JavaScript when an authenticated us...

2.1CVSS5.3AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 10:58 a.m.25 views

CVE-2026-40456

CVE-2026-40456 affects LMS (LAN Management System). The vulnerability is an OS command injection in the IP address parameter passed to exec() before commit 9fcb4de, enabling arbitrary command execution. Root cause is improper validation of the IP address input. Impact indicators from the provided...

8.6CVSS5.8AI score0.00947EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 6:16 a.m.10 views

CVE-2026-10736

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00363EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.27 views

CVE-2026-10736 Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00363EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/18 5:34 a.m.6 views

CVE-2026-10736

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00363EPSS
Exploits0References11
CVE
CVE
added 2026/06/18 5:34 a.m.20 views

CVE-2026-10736

CVE-2026-10736 affects the WordPress plugin Tutor LMS (eLearning and online course solution). All versions up to and including 3.9.11 are vulnerable to a generic SQL Injection via the 'data' parameter due to insufficient escaping and inadequate preparation of the SQL query. This can let an authen...

4.9CVSS5.9AI score0.00363EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37655

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 5:23 p.m.7 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...

4.9CVSS5.9AI score0.00363EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/17 9:50 a.m.11 views

CVE-2026-22332

CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro &lt;=3.9.6, with exploitation status not pr...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:24 p.m.13 views

CVE-2026-39598

CVE-2026-39598 concerns WordPress Academy LMS Pro plugin (pre-3.5.2). The vulnerability is an Unrestricted Upload of File with a Dangerous Type, enabling an attacker to upload a web shell to the web server. Affected: Academy LMS Pro prior to 3.5.2. CVSS 3.1 metrics indicate NETWORK attack Vector,...

8CVSS5.2AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:24 p.m.20 views

CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50109

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8CVSS5.3AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36976

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
Rows per page
Query Builder