Lucene search
K

4 matches found

0day.today
0day.today
added 2023/09/18 12:0 a.m.371 views

Academy LMS 6.2 SQL Injection Vulnerability

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 / CWE-707 Greeting...

9.8CVSS7.1AI score0.04886EPSS
Exploits3
OSV
OSV
added 2023/09/15 3:15 a.m.5 views

CVE-2023-4974

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

9.8CVSS5.7AI score0.04886EPSS
Exploits3References3
Cvelist
Cvelist
added 2023/09/15 2:0 a.m.27 views

CVE-2023-4974 Academy LMS GET Parameter filter sql injection

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

6.5CVSS9.9AI score0.04886EPSS
Exploits3References3
CVE
CVE
added 2023/09/15 2:0 a.m.59 views

CVE-2023-4974

CVE-2023-4974 affects Academy LMS 6.2 (Creative Item). The vulnerability is a SQL injection in the GET parameter handler for /academy/tutor/filter, via price_min and price_max, allowing unauthenticated remote exploitation. Multiple sources (NVD/Nuclei template/Exploit-DB) confirm the vector as a ...

9.8CVSS8.1AI score0.04886EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder