All Vulnerabilities for elearning.mod.gov.ge Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| elearning.mod.gov.ge ---|--- Open Bug...

CVE-2021-24242

Affected software: Tutor LMS WordPress plugin (pre-1.8.8). Vulnerability: Local File Inclusion via a maliciously crafted sub_page parameter in the Tools page. Impact: High-privilege users can include arbitrary local PHP files (confidentiality/integrity concerns for the site). Root cause: Improper...

CVE-2021-24182

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

CVE-2021-24186

The tutoransweringquizquestion/getanswerbyid function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

Sql injection

The tutorplacerating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students...

Sql injection

The tutorquizbuildergetanswersbyquestion AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVE-2021-24184 Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

CVE-2021-24182

CVE-2021-24182 affects the Tutor LMS WordPress plugin prior to 1.8.3. The flaw is a UNION-based SQL injection in the AJAX action tutor_quiz_builder_get_answers_by_question, exploitable by students. The vulnerability stems from unsafely constructed SQL in the affected function, enabling unauthoriz...

CVE-2021-24185

The CVE-2021-24185 affects the Tutor LMS WordPress plugin prior to version 1.7.7. The vulnerability lies in the tutor_place_rating AJAX action, where blind and time-based SQL injections allow exploitation by a student attacker. Impact, as stated, is exposure of data through SQL injection; exploit...

WordPress eLearning and online course solution 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the...

WordPress 插件 SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. plugin for WordPress. WordPress Plugin eLearning and online course solution before 1.8.3 suffers from a SQL injection vulnerability that stems from susceptibility to federation-based SQL injection attacks...

WordPress SQL注入漏洞

eLearning and online course solution WordPress plugin before 1.8.3 suffers from a SQL injection vulnerability, there is no information about this vulnerability at this time, please stay tuned to CNNVD or vendor announcements...

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. eLearning and online course solution WordPress plugin before 1.8.3 suffers from a SQL injection vulnerability that...

CHMSC Elearning System 1.0 SQL Injection

Exploit Title: CHMSC Elearning System 1.0 - SQL Injection Exploit Author: Ferhat Çil Date: 2020-12-25 Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...

elearningasset.com Cross Site Scripting vulnerability OBB-1390452

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

elearning.folias.it Cross Site Scripting vulnerability OBB-1196536

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

elearning.xpertcad.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1173283 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

elearning-creia.dlc.pt Cross Site Scripting vulnerability

Security Researcher Gh05tPT Helped patch 6846 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting elearning-creia.dlc.pt website and its users. Following...

elearning-ccilc.dlc.pt Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1106937 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...