757 matches found
CVE-2024-34919
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-4349
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
CVE-2024-4349
CVE-2024-4349 affects SourceCodester Pisay Online E-Learning System 1.0. The vulnerability lies in the /lesson/controller.php file where manipulating the file parameter leads to unrestricted uploads. It can be exploited remotely, and publicly disclosed exploit information exists (VDB-262489). Rem...
CVE-2024-4349 SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be...
Pisay Online E-Learning System 代码问题漏洞
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. A code issue vulnerability exists in Pisay Online E-Learning System version 1.0, which stems from the parameter file in the file /lesson/controller.php that can lead to unrestricted uploads...
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
Exploit Title: GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload Date: 2024-02-04 Exploit Author: Georgios Tsimpidas Vendor Homepage: https://www.openeclass.org/ Software Link: https://download.openeclass.org/files/3.15/ Version: 3.15 2024 Tested on: Debian Kali...
Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass
CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET =...
Moodle Denial of Service Vulnerability (CNVD-2024-13538)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A denial-of-service vulnerability exists in Moodle, which stems from insufficient file size checking, and can be exploited by an attack...
Design/Logic Flaw
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
CVE-2024-28198
OpenOLAT contains an XXE/SSRF vulnerability in the draw.io integration that allows an attacker to read arbitrary files as the system user by manipulating HTTP requests. Affected versions are OpenOLAT prior to 18.1.6 and prior to 18.2.2. The issue is fixed in 18.1.6 and 18.2.2; users should upgrad...
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...
e-learning.ippo.kubg.edu.ua Cross Site Scripting vulnerability OBB-3855046
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...
e-learning.igacloud.net Cross Site Scripting vulnerability OBB-3751046
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLUEVO LMS, E-Learning Platform < 1.11.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin = 1.10.0 versions...