CVE-2020-14972

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution RCE via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...

CVE-2020-14972

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution RCE via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...

Pisay Online E-Learning System 1.0 - Remote Code Execution

Exploit Title: Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-05 Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...

Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...

Combining AI and Playbooks to Predict Cyberattacks

When organizations invest in AI, they are not only able to automate menial tasks like patching, but they can also create an automated system that looks for and discovers attacks, not only after the fact, but even before they occur. This predictive capability becomes increasingly necessary as...

SQL Injection Vulnerability in the Frontend of Online Learning System of Beijing Xinqi Technology Co.

Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A SQL injection vulnerability exists in the frontend of the online learning system of Beijing Xinqi Technology Co. An attacker can exploit the...

IM-Learning Intelligent Learning Management System Vulnerability in Backend

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and extended. An arbitrary password login vulnerability exists in the backend of Guangyi East IM-Learning Intelligent Learning Management System, which can be exploited by...

ECS Online Learning System v3.1.0 SQL Injection Vulnerability in Frontend ShitiController.class.php Page

E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the ShitiController.class.php page in the frontend of ECS Online Learning System v3.1.0. An attacker can exploit this vulnerability t...

SQL injection vulnerability in Nlist.aspx and Mall_Teacher.aspx pages of Xinqi Online Learning System.

Xinqi Online Learning System is an online learning platform system that can make learning plans, realize supervision and monitoring, and assist learning. A SQL injection vulnerability exists in the Nlist.aspx and MallTeacher.aspx pages of Xinqi Online Learning System. An attacker can use this...

SQL Injection Vulnerability in Xinqi Online Learning System V6.2.1

Xinqi Online Learning System is an online learning platform system that can make learning plans, realize supervision and monitoring, and assist learning. SQL injection vulnerability exists in version V6.2.1 of Xinqi Online Learning System, which can be exploited by attackers to obtain sensitive...

Design flaws in the ajax/Common_Ajax.ashx page of the new startup e-learning system

Online Learning System is an e-learning platform system developed in . A design vulnerability exists in the ajax/CommonAjax.ashx page of Xinqi Online Learning System. The vulnerability exists in ajax/CommonAjax.ashx, which can be exploited by an attacker to construct a specific URL and disclose...

Logic Design Vulnerability in ECS Online Learning System v3.1.0

E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...

S2-045 Remote Command Execution Vulnerability in the Paperless Learning, Using, and Testing System

Paperless learning law and examination system is a set of examination system created based on C/S+B/S mode, developed in JAVA language and using TBS encryption technology. The paperless law usage and examination system suffers from a s2-045 remote command execution vulnerability. By constructing...

IBM Kenexa LCMS Premier on Cloud Information Disclosure Vulnerability (CNVD-2017-01326)

IBM Kenexa LCMS Premier on Cloud is an adjustable Learning Content Management System LCMS for developing, maintaining, and delivering effective employee training from IBM USA. A security vulnerability exists in IBM Kenexa LCMS Premier on Cloud. An attacker could exploit the vulnerability by sendi...

IBM Kenexa LMS on Cloud SQL Injection Vulnerability (CNVD-2017-00563)

IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system LMS from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and supports users to evaluate learning content and share their...

IBM Kenexa LMS on Cloud Clickjacking Vulnerability

IBM Kenexa LMS on Cloud is a full-featured, configurable, enterprise-grade, social Learning Management System LMS that integrates social networking, collaboration, and knowledge sharing capabilities. The software provides interactive elements that support users in evaluating learning content and...

File Download Vulnerability in New Windward Technology's Online Learning Test System

New Windward Technology Online Learning Exam System is built based on enterprise-level database platform, the system architecture using a three-tier structure, B/S mode development can be used for online training and examination system. The product exists arbitrary file download vulnerability,...

SQL Injection Vulnerability in ClientCourse.asmx?op, E-learning Management System of Xinwei Software

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the ClientCourse.asmx?op= page of the E-learning management system of Xinwei Software. An attacker can exploit the vulnerability to obtain sensitive information from...

SQL Injection Vulnerability in SmartClient.asmx?op Page of Xinwei Software E-learning System

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the SmartClient.asmx?op page of Xinwei Software's E-learning system. An attacker can exploit the vulnerability to obtain sensitive information from the website...

XML Entity Injection Vulnerability in Xinwei Software E-learning System

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. An XML entity injection vulnerability exists in the E-learning system of Xinwei Software. An attacker can use the vulnerability to remotely execute commands and gain server privileges...