CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

CVE-2026-35196

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

CVE-2026-35196

Chamilo LMS vulnerable to OS Command Injection prior to 2.0.0-RC.3. The flaw resides in the gradebook.ajax.php endpoint (export_all_certificates action), where the course code is taken from $_SESSION['_cid'] via api_get_course_id() and concatenated into a shell_exec() command without sanitization...

EUVD-2026-20805

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-5813

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-3110

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T=listadoxlsx===altausuariocursoActual=ID' where the data of users enrolled in the course is exported. Successful exploitation of this vulnerability...

CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=ID' where the data of users enrolled in the course is exported. Successfu...

CVE-2023-4602

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

CVE-2025-65670

CVE-2025-65670 describes an insecure direct object reference (IDOR) in classroomio 0.1.13. The issue lets students manipulate the URL course ID to access sensitive admin/teacher endpoints, causing unauthorized disclosure of course, admin, and student data. The leak is described as momentary befor...

Linux Distros Unpatched Vulnerability : CVE-2025-62397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The router's inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. CVE-2025-62397 No...

PT-2025-47134

Name of the Vulnerable Software and Affected Versions Campcodes School Fees Payment Management System version 1.0 Description A flaw exists in Campcodes School Fees Payment Management System 1.0 that allows for remote SQL injection. The issue is located in the /manage course.php file, specificall...

EUVD-2010-2912

Malware in sbrugna...

EUVD-2011-4514

Malware in sbrugna...

CVE-2025-1189

A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation of the argument courseid leads to sql injection. It is possible to initiate the attack remotely. Th...

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from an SQL injection vulnerability in the courseid paramet...

1000 Projects Attendance Tracking Management System 注入漏洞

1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which stems from an incorrect operation of the courseid parameter that can...

PT-2024-17785 · Unknown · 1000 Projects Attendance Tracking Management System

Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue has been identified in the system, affecting unknown code in the file /admin/faculty action.php. The manipulation of the faculty course id argument...