Lucene search
K

6 matches found

Exploit DB
Exploit DB
added 2024/01/31 12:0 a.m.379 views

Academy LMS 6.2 - SQL Injection

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 /...

9.8CVSS9.7AI score0.04886EPSS
Exploits3
0day.today
0day.today
added 2023/09/18 12:0 a.m.371 views

Academy LMS 6.2 SQL Injection Vulnerability

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 / CWE-707 Greeting...

9.8CVSS7.1AI score0.04886EPSS
Exploits3
NVD
NVD
added 2023/09/15 3:15 a.m.23 views

CVE-2023-4974

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

9.8CVSS8.1AI score0.04886EPSS
Exploits3References3
Prion
Prion
added 2023/09/15 3:15 a.m.20 views

Sql injection

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

6.5CVSS9.5AI score0.04886EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2023/09/15 2:0 a.m.59 views

CVE-2023-4974

CVE-2023-4974 affects Academy LMS 6.2 (Creative Item). The vulnerability is a SQL injection in the GET parameter handler for /academy/tutor/filter, via price_min and price_max, allowing unauthenticated remote exploitation. Multiple sources (NVD/Nuclei template/Exploit-DB) confirm the vector as a ...

9.8CVSS8.1AI score0.04886EPSS
Exploits3References3Affected Software1
Packet Storm
Packet Storm
added 2023/09/15 12:0 a.m.323 views

Academy LMS 6.2 Cross Site Scripting

Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...

7.1AI score0.01835EPSS
Exploits4
Rows per page
Query Builder