19 matches found
CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-6965
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
CVE-2026-6965
The CVE-2026-6965 entry concerns Tutor LMS
PT-2026-40580
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the get course id by function unconditionally trusting the user-supplied course GET parameter as the authoritative cour...
Student Record System add-subject.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...
CampCodes School Fees Payment Management System SQL注入漏洞
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the parameter ID of the file...
CVE-2025-3149
A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shwwar/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is...
Student-Homework-Management-System 代码注入漏洞
Student-Homework-Management-System is a student work management system developed by itning individual developers using SSM+Shiro. A code injection vulnerability exists in Student-Homework-Management-System 1.2.7 and earlier versions, which stems from a cross-site scripting attack due to incorrect...
CVE-2025-2662
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been classified as critical. Affected is an unknown function of the file student/studentdashboard.php. The manipulation of the argument course leads to sql injection. It is possible to launch the attack remotely...
Projectworlds Online Time Table Generator 注入漏洞
Projectworlds Online Time Table Generator is an online time table generator from Projectworlds India. An injection vulnerability exists in Projectworlds Online Time Table Generator version 1.0, which stems from the fact that incorrect manipulation of the parameter course can lead to SQL injection...
1000 Projects Attendance Tracking Management System 注入漏洞
1000 Projects Attendance Tracking Management System is an open source attendance management system from 1000 Projects. 1000 Projects Attendance Tracking Management System version 1.0 suffers from an injection vulnerability, which originates from the parameter facultycourseid in the file...
Teacher Subject Allocation Management System Cross-Site Request Forgery Vulnerability
Teacher Subject Allocation Management System is a Teacher Subject Allocation Management System. A cross-site request forgery vulnerability exists in version 1.0 of the PHPGurukul Teacher Subject Allocation Management System, which stems from the parameter delid in the file /admin/course.php that...
CVE-2023-3310
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched...
Agro-School Management System SQL注入漏洞
Agro-School Management System is an agricultural school management system. A SQL injection vulnerability exists in Agro-School Management System version 1.0, which stems from a problem with the file loaddata.php, where manipulation of the subject/course parameter can result in sql injection...
CVE-2007-2902
SQL injection vulnerability in main/auth/myprogress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter...
CVE-2007-2902
SQL injection vulnerability in main/auth/myprogress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter...
CVE-2005-2649
Cross-site scripting XSS vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via 1 course parameter in login.php or 2 words parameter in search.php...
CVE-2005-2649
CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...