188 matches found
CISA: VILT Fact Sheet
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...
WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability
Instructor+ Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions 1.9.9.5.2...
WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability
Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions 1.9.9.5.3...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-10393
CVE-2024-10393 affects the WordPress Tutor LMS plugin, vulnerable in versions
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2024-33131 · Unknown · Esoft Planner
Name of the Vulnerable Software and Affected Versions: eSoft Planner version 3.24.08271-USA Description: An issue in the Instructor Appointment Availability module allows attackers to cause a Denial of Service DoS via a crafted POST request. Recommendations: For version 3.24.08271-USA, consider...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-47158
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...
CVE-2024-47158
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...
N-LINE vulnerable to HTML injection
Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...
WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c09ff6728ca9 Credits justakazh Required privilege Instructor...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
PT-2024-5257 · Amazon · Aws S3
Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...
WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability
Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions 3.3.24...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...