210 matches found
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-34919
The CVE-2024-34919 entry describes an arbitrary file upload in Pisay Online E-Learning System v1.0, specifically the modstudent/controller.php component, enabling attackers to execute arbitrary code via crafted uploads. The vulnerability is associated with PHP/MySQL-based Pisay Online E-Learning ...
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-4349
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349
CVE-2024-4349 affects SourceCodester Pisay Online E-Learning System 1.0. The vulnerability lies in the /lesson/controller.php file where manipulating the file parameter leads to unrestricted uploads. It can be exploited remotely, and publicly disclosed exploit information exists (VDB-262489). Rem...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
Information disclosure
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
CVE-2022-43319 affects Simple E-Learning System v1.0. The vulnerability resides in the endpoint vcs/downloadFiles.php?download=./search.php, enabling an attacker to read arbitrary files and thus disclose confidential data. The reported impact is High confidentiality loss (CVSS v3.1: AV:N/AC:L/PR:...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
PT-2022-26845 · Unknown · Simple E-Learning System
Name of the Vulnerable Software and Affected Versions: Simple E-Learning System version 1.0 Description: An information disclosure issue exists in the component "vcs/downloadFiles.php?download=./search.php" of Simple E-Learning System, allowing attackers to read arbitrary files. Recommendations:...
CVE-2022-40872
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
Sql injection
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
PT-2022-25597 · Unknown · Sourcecodester Simple E-Learning System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple E-Learning System version 1.0 Description: A SQL injection issue was found in the /vcs/classRoom.php endpoint, specifically with the classCode parameter. This allows for potential SQL injection attacks. Recommendations:...
CVE-2022-40872
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
CVE-2022-40872
Sourcecodester Simple E-Learning System 1.0 is affected by an SQL injection in the /vcs/classRoom.php?classCode= endpoint. The root cause is unsafely handling the classCode parameter, enabling an attacker to induce high-severity impact to confidentiality, integrity, and availability (CVSS v3.1: 9...
Simple E-Learning System SQL注入漏洞
Simple E-Learning System is a simple e-learning system. version 1.0 of Simple E-Learning System is vulnerable to SQL injection, which stems from the presence of SQL injection in classCode. No detailed vulnerability details are available at this time...