Lucene search
K

33 matches found

Cvelist
Cvelist
added 2026/04/14 9:33 p.m.17 views

CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

8.8CVSS0.00261EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/14 9:33 p.m.1 views

CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

8.8CVSS6.2AI score0.00261EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:33 p.m.1 views

CVE-2026-35196

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

8.8CVSS6.2AI score0.00261EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/04/14 9:33 p.m.7 views

CVE-2026-35196

Chamilo LMS vulnerable to OS Command Injection prior to 2.0.0-RC.3. The flaw resides in the gradebook.ajax.php endpoint (export_all_certificates action), where the course code is taken from $_SESSION['_cid'] via api_get_course_id() and concatenated into a shell_exec() command without sanitization...

8.8CVSS6.2AI score0.00261EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/09 12:32 a.m.1 views

EUVD-2026-20805

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

7.5CVSS5.8AI score0.00043EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/08 10:45 p.m.0 views

CVE-2026-5813

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

7.5CVSS7AI score0.00043EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.0 views

CVE-2026-3110

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T=listadoxlsx===altausuariocursoActual=ID' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability...

8.7CVSS5.8AI score0.00099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 9:36 a.m.1 views

CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=ID' where the data of users enrolled in the course is exported. Successfu...

8.7CVSS5.8AI score0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4602

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00792EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 8:15 p.m.4 views

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

4.3CVSS0.00041EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.7 views

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

0.00041EPSS
Exploits2References3
CVE
CVE
added 2025/11/26 12:0 a.m.9 views

CVE-2025-65670

CVE-2025-65670 describes an insecure direct object reference (IDOR) in classroomio 0.1.13. The issue lets students manipulate the URL course ID to access sensitive admin/teacher endpoints, causing unauthorized disclosure of course, admin, and student data. The leak is described as momentary befor...

4.3CVSS5.9AI score0.00041EPSS
Exploits2References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The router's inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. CVE-2025-62397 No...

5.3CVSS5.5AI score0.00051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.5 views

PT-2025-47134

Name of the Vulnerable Software and Affected Versions Campcodes School Fees Payment Management System version 1.0 Description A flaw exists in Campcodes School Fees Payment Management System 1.0 that allows for remote SQL injection. The issue is located in the /manage course.php file, specificall...

9.8CVSS7AI score0.00028EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2010-2912

Malware in sbrugna...

7.5CVSS6.4AI score0.00423EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2011-4514

Malware in sbrugna...

5.5CVSS6.1AI score0.00442EPSS
Exploits0References4
OSV
OSV
added 2025/02/12 10:15 a.m.3 views

CVE-2025-1189

A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation of the argument courseid leads to sql injection. It is possible to initiate the attack remotely. Th...

8.8CVSS5.7AI score0.00102EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.1 views

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from an SQL injection vulnerability in the courseid paramet...

8.8CVSS7AI score0.00102EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.1 views

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which stems from an incorrect operation of the courseid parameter that can...

9.8CVSS7AI score0.00089EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/12/23 12:0 a.m.2 views

PT-2024-17785 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been identified in the system, affecting unknown code in the file /admin/faculty action.php. The manipulation of the faculty course id argument...

9.8CVSS7.2AI score0.00106EPSS
Exploits1References10
Rows per page
Query Builder