204 matches found
VulnCheck KEV: CVE-2024-4434
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
relate security vulnerability
Relate is a web-based learning and teaching environment. A security vulnerability exists in versions prior to relate 2024.1, which stems from a Template Injection SSTI vulnerability in the Batch Issue Exam Tickets feature...
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
Exploit Title: GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload Date: 2024-02-04 Exploit Author: Georgios Tsimpidas Vendor Homepage: https://www.openeclass.org/ Software Link: https://download.openeclass.org/files/3.15/ Version: 3.15 2024 Tested on: Debian Kali...
Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass
CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...
Design/Logic Flaw
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in version...
CVE-2024-28198
OpenOLAT contains an XXE/SSRF vulnerability in the draw.io integration that allows an attacker to read arbitrary files as the system user by manipulating HTTP requests. Affected versions are OpenOLAT prior to 18.1.6 and prior to 18.2.2. The issue is fixed in 18.1.6 and 18.2.2; users should upgrad...
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in version...
BIT-TENSORFLOW-2021-29599 Division by zero in TFLite's implementation of `Split`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.cc#L63-L65). An attack...
Mlflow Code Issue Vulnerability
Mlflow is an open source platform for machine learning lifecycle. Mlflow suffers from a code issue vulnerability. An attacker exploiting this vulnerability could remotely execute code on a victim computer...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
CLUEVO LMS, E-Learning Platform < 1.11.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions...
CVE-2023-40607
CVE-2023-40607 is a CSRF vulnerability in the WordPress plugin CLUEVO LMS, E-Learning Platform, affecting versions ≤ 1.10.0. The issue could enable an unauthenticated attacker to trigger actions on behalf of a user; remediation is to upgrade to version 1.11.0 or newer. Public sources show vary...
CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions...
WordPress Plugin CLUEVO LMS, E-Learning Platform Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Chamilo unauthenticated command injection in PowerPoint upload
Chamilo is an e-learning platform, also called Learning Management Systems (LMS). This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below (CVE-2023-34960). Due to a functionality called Chamilo Rapid to easily convert PowerPoint...
Moodle security vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from the presence of an SQL injection vulnerability...
Moodle security vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from the presence of a redirection vulnerability...