307 matches found
CVE-2025-2687
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2687
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2687
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2687 PHPGurukul eLearning System Image index.php unrestricted upload
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2687
CVE-2025-2687 affects PHPGurukul eLearning System 1.0. The vulnerable component is the Image Handler, specifically the file /user/index.php, where an unspecified function handling images allows an unrestricted upload. The vulnerability can be triggered remotely and exploitation has been publicly ...
CVE-2025-2687 PHPGurukul eLearning System Image index.php unrestricted upload
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
PHPGurukul eLearning System 代码问题漏洞
PHPGurukul eLearning System is an eLearning system from PHPGurukul Inc. A code issue vulnerability exists in version 1.0 of the PHPGurukul eLearning System, which stems from an image processing component in the file /user/index.php that could lead to unlimited uploads...
PT-2025-7685 · Sourcecodester · Sourcecodester Elearning System
Name of the Vulnerable Software and Affected Versions: SourceCodester E-Learning System version 1.0 Description: A vulnerability was found in the User Registration Handler component, specifically affecting the /register.php file. This issue leads to cross-site scripting and can be initiated...
CVE-2024-12127
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This...
CVE-2024-54928
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0, which originates from an SQL injection vulnerability in /admin/deleteclass.php...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter classname...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which originates from SQL injection of the parameters cys, un, ln, fn, and id...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara Corporation. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which originates from SQL injection of the parameters firstname and lastname...
CVE-2024-10000 Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Stored Cross-Site Scripting via Ask a Question Functionality
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it...
PT-2024-15966 · WordPress · Masteriyo - Lms
Name of the Vulnerable Software and Affected Versions: Masteriyo LMS – eLearning and Online Course Builder for WordPress versions prior to 1.13.3 Description: The issue is related to Stored Cross-Site Scripting via the question's content parameter due to insufficient input sanitization and output...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438
CVE-2024-5438: Tutor LMS – eLearning and online course solution for WordPress affects all versions up to 2.7.1. The issue is an Insecure Direct Object Reference in the quiz attempts deletion path via the attempt_delete function, due to missing validation on a user-controlled key. This allows auth...
Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...