5 matches found
CVE-2024-5237 Campcodes Complete Web-Based School Management System timetable_grade_wise.php sql injection
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to sql injection. The attack...
CVE-2023-23611 xblock-lti-consumer contains Missing Authorization in Grade Pass Back Implementation
LTI Consumer XBlock implements the consumer side of the LTI specification, enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with the Open edX platform can post a grade back...
Critical WordPress e-Learning Plugin Bugs Open Door to Cheating
Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more. The...
Teacher account and password leak at a university in Sichuan; grades can be changed arbitrarily
Brief description: The teachers' passwords are the initial default password and have not been changed. Details: Look up a teacher's staff ID, log in with the initial password 123456, and grades can be changed at will; the harm is severe. Google: inurl:/jwweb/ turns up many. Proof of vulnerability: Let me test on my own school: http://jwc.scac.edu.cn/jwweb/ Find the teacher's staff ID through the timetable query, then you can...
方正 (Founder) educational administration system SQL injection
Brief description: Still worried about failing exams? Still agonizing over how to get a girl's phone number at university? Want to quickly find the pretty girls at your school? Then read on. Details: 1. The classroom query has SQL injection, as shown in the figure. 1 union select NULL,owner from all_tables dumps the database. 2. The password recovery function has SQL injection; verification is done only by client-side JavaScript with no server-side check, so the first user (the administrator password) can be dumped. First, obtain teachers' login accounts and passwords through the SQL injection (and, as an aside, the code naming is sloppy: table and field names are all things like xyz and xsz, and the password "encryption" is reversible and home-grown; or rather, it cannot even be called an encryption algorithm, it is just a simple string transformation)...
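The classroom-query injection in the report above, reproduced as an added example (this is not code from the WooYun report or from the 方正 system). SQLite stands in for the real Oracle backend, so the catalog view is sqlite_master rather than all_tables; the classroom table, the xsz teacher table and its contents are constructed for the demonstration. The vulnerable lookup concatenates the request parameter into the SQL text, which is what lets a UNION payload enumerate table names; the hardened lookup binds the parameter and rejects non-integer input.

```python
import sqlite3

# Constructed sample database (assumption: the real system is Oracle;
# SQLite is used here so the example runs offline).
def build_sample_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE classroom (id INTEGER PRIMARY KEY, name TEXT, building TEXT)")
    # Hypothetical teacher table, named like the report's "xsz" (not the real schema).
    cur.execute("CREATE TABLE xsz (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    cur.executemany("INSERT INTO classroom (name, building) VALUES (?, ?)",
                    [("A101", "Main"), ("B202", "Science")])
    cur.executemany("INSERT INTO xsz (username, password) VALUES (?, ?)",
                    [("t1001", "123456")])
    conn.commit()
    return conn


def classroom_lookup_vulnerable(conn, room_id):
    # The request parameter is spliced into the SQL text, so anything the
    # client sends after the number is parsed as SQL.
    sql = "SELECT name, building FROM classroom WHERE id = " + room_id
    return conn.execute(sql).fetchall()


def classroom_lookup_fixed(conn, room_id):
    # Validate the type first, then bind the value; a bound parameter is never
    # parsed as SQL, so the UNION payload cannot change the query's shape.
    try:
        room_id_int = int(room_id)
    except ValueError:
        raise ValueError("room id must be an integer")
    return conn.execute(
        "SELECT name, building FROM classroom WHERE id = ?", (room_id_int,)
    ).fetchall()


# The report's payload (1 union select NULL,owner from all_tables), adapted to
# SQLite's catalog. It must project the same number of columns as the original
# SELECT (two), which is why the first column is padded with NULL.
UNION_PAYLOAD = "1 UNION SELECT NULL, name FROM sqlite_master WHERE type='table'"


def leaked_table_names(conn):
    # Rows whose first column is NULL come from the injected SELECT, not from
    # the classroom table; collecting them enumerates every table name.
    rows = classroom_lookup_vulnerable(conn, UNION_PAYLOAD)
    return sorted(name for first, name in rows if first is None)


if __name__ == "__main__":
    db = build_sample_db()
    print("tables leaked via injection:", leaked_table_names(db))
    print("fixed lookup, id=1:", classroom_lookup_fixed(db, "1"))
    try:
        classroom_lookup_fixed(db, UNION_PAYLOAD)
    except ValueError as exc:
        print("fixed lookup rejected payload:", exc)
```

Once the table names are known, the same column-padded UNION is pointed at the teacher table to pull usernames and passwords, which is the step the report describes next; the parameterized version blocks the whole chain at the first query.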