Lucene search
K

183 matches found

CNNVD
CNNVD
added 2024/05/27 12:0 a.m.2 views

Online Student Enrollment System SQL注入漏洞

Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. A SQL injection vulnerability exists in Online Student Enrollment System version 1.0, which can be exploited by an attacker to send a specially crafted SQL statement to the...

8.8CVSS7.9AI score0.00622EPSS
Exploits1References5
NVD
NVD
added 2024/05/16 6:15 a.m.14 views

CVE-2024-4279

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/16 5:33 a.m.16 views

CVE-2024-4318 Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS7.3AI score0.00511EPSS
Exploits0References4
CVE
CVE
added 2024/05/16 5:33 a.m.62 views

CVE-2024-4318

CVE-2024-4318 (Tutor LMS – WordPress) is a time-based SQL Injection in Tutor LMS up to and including version 2.7.0 via the question_id parameter, caused by insufficient escaping and improper query preparation. Exploitation is possible by authenticated users with Instructor-level permissions and h...

8.8CVSS7.1AI score0.00511EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/16 5:33 a.m.31 views

CVE-2024-4318 Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.9AI score0.00511EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/16 5:33 a.m.24 views

CVE-2024-4279 Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. This can allow...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/05/16 1:31 a.m.5 views

WordPress Tutor LMS plugin <= 2.7.0 - Authenticated (Instructor+) SQL Injection vulnerability

Authenticated Instructor+ SQL Injection vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions = 2.7.0...

8.8CVSS8.1AI score0.00511EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.4 views

PT-2024-30162 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...

6.5CVSS6.8AI score0.00418EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.11 views

Tutor LMS < 2.7.1 - Authenticated (Instructor+) SQL Injection

Description The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.3AI score0.00511EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.17 views

Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/10 1:17 a.m.3 views

WordPress LearnPress plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload vulnerability

Authenticated Instructor+ Arbitrary File Upload vulnerability discovered by JoanClarke2 in WordPress Plugin LearnPress versions = 4.2.6.5...

8.8CVSS7AI score0.01025EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/10 12:0 a.m.18 views

WordPress LearnPress Plugin <= 4.2.6.5 is vulnerable to Arbitrary File Upload

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.5 Fixed in 4.2.6.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4397 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID e486f6c14d9b Credits JoanClarke2 Required privilege...

8.8CVSS6.8AI score0.01025EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.32 views

CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

8.8CVSS9.1AI score0.01025EPSS
Exploits0References3
EUVD
EUVD
added 2024/05/09 8:3 p.m.5 views

EUVD-2024-44028

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissio...

8.8CVSS7.2AI score0.01025EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.8 views

The vulnerability of the tutor_instructor_list function in the Tutor LMS plugin for WordPress content management systems allows attackers to perform cross-site scripting attacks.

The vulnerability of the tutorinstructorlist function in the Tutor LMS plugin for WordPress content management systems is related to the lack of protective measures for website structures. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.2AI score0.00385EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/04/25 2:33 a.m.5 views

WordPress Tutor LMS plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'tutorinstructorlist' Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Tutor LMS versions = 2.6.2...

5.4CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.6 views

PT-2024-3144 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...

5.5CVSS6AI score0.00385EPSS
Exploits0References10
NVD
NVD
added 2024/04/09 7:15 p.m.10 views

CVE-2024-1463

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.3AI score0.00426EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.15 views

CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS7.4AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.24 views

CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS4.5AI score0.00426EPSS
Exploits0References2
Rows per page
Query Builder