CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

Information disclosure

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

CVE-2022-43319

CVE-2022-43319 affects Simple E-Learning System v1.0. The vulnerability resides in the endpoint vcs/downloadFiles.php?download=./search.php, enabling an attacker to read arbitrary files and thus disclose confidential data. The reported impact is High confidentiality loss (CVSS v3.1: AV:N/AC:L/PR:...

PT-2022-26845 · Unknown · Simple E-Learning System

Name of the Vulnerable Software and Affected Versions: Simple E-Learning System version 1.0 Description: An information disclosure issue exists in the component "vcs/downloadFiles.php?download=./search.php" of Simple E-Learning System, allowing attackers to read arbitrary files. Recommendations:...

CVE-2022-42925

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

CVE-2022-41681

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...

CVE-2022-40872

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...

Sql injection

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...

PT-2022-25597 · Unknown · Sourcecodester Simple E-Learning System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple E-Learning System version 1.0 Description: A SQL injection issue was found in the /vcs/classRoom.php endpoint, specifically with the classCode parameter. This allows for potential SQL injection attacks. Recommendations:...

Simple E-Learning System SQL注入漏洞

Simple E-Learning System is a simple e-learning system. version 1.0 of Simple E-Learning System is vulnerable to SQL injection, which stems from the presence of SQL injection in classCode. No detailed vulnerability details are available at this time...

CVE-2022-40872

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...

CVE-2022-40872

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...

CVE-2022-40872

Sourcecodester Simple E-Learning System 1.0 is affected by an SQL injection in the /vcs/classRoom.php?classCode= endpoint. The root cause is unsafely handling the classCode parameter, enabling an attacker to induce high-severity impact to confidentiality, integrity, and availability (CVSS v3.1: 9...

Chamilo LMS 代码问题漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11, which stems from a zip...

aEnrich eHRD Learning Management Key Performance Indicator System 5.x 安全漏洞

aEnrich eHRD Learning Management Key Performance Indicator System 5+ is a web-based Learning Management System LMS from aEnrich Corporation in China. A security vulnerability exists in the aEnrich eHRD Learning Management Key Performance Indicator System version 5.x, which originates from exposin...

Simple E-Learning System SQL Injection Vulnerability (CNVD-2023-11439)

Simple E-Learning System is a simple e-learning system from Carlo Montero's personal developer. simple E-Learning System is vulnerable to SQL injection due to a lack of validation of external input SQL statements in the search.php parameter searchPost. . An attacker could use this vulnerability t...

Simple E-Learning System Cross-Site Scripting Vulnerability (CNVD-2023-11440)

Simple E-Learning System is a simple e-learning system from Carlo Montero's personal developer. Simple E-Learning System is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Bio in the file...