10 matches found
CVE-2023-4602
The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2010-2912
Malware in sbrugna...
1000 Projects Attendance Tracking Management System injection vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which originates from an SQL injection vulnerability in the courseid paramet...
1000 Projects Attendance Tracking Management System injection vulnerability
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Attendance Tracking Management System version 1.0, which stems from an incorrect operation of the courseid parameter that can...
CVE-2024-4902
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
PT-2024-33320 · WordPress · The Tutor Lms
Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.1 Description: The issue is related to time-based SQL Injection via the course id parameter due to insufficient escaping on the...
PT-2023-29801 · WordPress · Namaste! Lms
Name of the Vulnerable Software and Affected Versions: Namaste! LMS plugin for WordPress versions up to, and including, 2.6.1.1 Description: The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the course...
CVE-2021-25006
The MOLIE WordPress plugin through 0.5 does not escape the courseid parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
PT-2021-17127 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the cid parameter to the "edit-course.php" endpoint. Recommendations: For PHPGurukul Student...
CVE-2010-2354
SQL injection vulnerability in subscribe.php in Pilot Group PG eLMS Pro allows remote attackers to execute arbitrary SQL commands via the courseid parameter...