13 matches found
CVE-2025-67259
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
CVE-2025-67259
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...
ClassroomIO.com Access Control Error Vulnerability
ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...
CVE-2026-1870
The CVE-2026-1870 case concerns the WordPress plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor, affected up to version 1.3.7. The vulnerability arises from missing validation in the REST endpoint thim-ekit/archive-course/get-courses, allowing unauthenticated attackers t...
EUVD-2025-197771
A vulnerability was found in Campcodes School Fees Payment Management System 1.0. This affects an unknown function of the file /ajax.php?action=savecourse. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could...
CVE-2025-10388
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
CVE-2025-10388
The CVE-2025-10388 vulnerability concerns Selleo Mentingo version 2025.08.27. Affected component: Create New Course Basic Settings, specifically the /api/course/enroll-course endpoint. Root cause: manipulation of the Description argument leading to cross-site scripting (XSS). The issue can be exp...
CVE-2025-10388 Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
Selleo Mentingo Code Injection Vulnerability
Selleo Mentingo is an in-house training and employee development platform from Selleo Poland. A code injection vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from an incorrect manipulation of the parameter Description in the file /api/course/enroll-course, which could lea...
PT-2024-16287 · Unknown · Project Worlds Online Time Table Generator
Name of the Vulnerable Software and Affected Versions: Project Worlds Online Time Table Generator version 1.0 Description: A critical issue has been found in the software, affecting an unknown function of the file /timetable/admin/admindashboard.php?info=add course. The manipulation of the argume...
VulnCheck KEV: CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
PT-2023-19498 · Sourcecodester · Sourcecodester Simple Student Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Information System version 1.0 Description: A problematic issue was found in the system, affecting the /classes/Master.php?f=save course component of the Add New Course feature. The manipulation of the name...
PT-2021-17127 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the cid parameter to the "edit-course.php" endpoint. Recommendations: For PHPGurukul Student...