757 matches found
CVE-2020-36084
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/deleteteacherstudents.php?id= parameter via id field...
SourceCodester Responsive E-Learning System 安全漏洞
SourceCodester Responsive E-Learning System is an open source e-learning system from Sourcecodester. A security vulnerability exists in SourceCodester Responsive E-Learning System version 1.0. An attacker can exploit this vulnerability to inject a sql query via the id field in the...
CVE-2020-36084
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/deleteteacherstudents.php?id= parameter via id field...
CVE-2020-36084
CVE-2020-36084 describes a SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0, where an attacker can inject SQL via the id parameter in /elearning/delete_teacher_students.php?id=. The CVSS metrics indicate a critical risk (CVSS v3.1: 9.8, Network attack vector, no priv...
CVE-2020-36084
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/deleteteacherstudents.php?id= parameter via id field...
CVE-2024-11328 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Reflected Cross-Site Scripting
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to...
WordPress plugin CLUEVO LMS, E-Learning Platform 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blogs on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin CLUEVO LMS, E-Learning Platform...
CVE-2024-54938
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads...
CVE-2024-54938
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-54931
A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54928
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...
CVE-2024-54932
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletedepartment.php...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteusers.php...
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteusers.php...
CVE-2024-54932
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletedepartment.php...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...