Lucene search
K

61 matches found

Cvelist
Cvelist
added 2023/01/18 12:0 a.m.26 views

CVE-2020-35326

SQL Injection vulnerability in file /inxedu/demoinxeduopen/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value...

9.9AI score0.13561EPSS
Exploits1References2
CVE
CVE
added 2023/01/18 12:0 a.m.37 views

CVE-2020-35326

The CVE-2020-35326 entry documents a SQL injection vulnerability in the inxedu product, specifically in the WebsiteImagesMapper.xml around the WebsiteImagesMapper code path for inxedu 2.0.6. The underlying issue is an injection flaw caused by an unsafely used id value in the MyBatis mapping file,...

9.8CVSS9.8AI score0.13561EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.3 views

inxedu SQL注入漏洞

Inxedu inxedu is a set of open source online education platform of China Inxedu Inxedu company. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. SQL injection vulnerability exists in inxedu version 2.0.6, the vulnerability...

9.8CVSS8.6AI score0.13561EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/01/18 12:0 a.m.5 views

CVE-2020-35326

SQL Injection vulnerability in file /inxedu/demoinxeduopen/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value...

10AI score0.13561EPSS
Exploits1References2
OSV
OSV
added 2021/04/29 5:15 p.m.4 views

CVE-2020-35430

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...

9.8CVSS7.4AI score0.01093EPSS
Exploits1References1
NVD
NVD
added 2021/04/29 5:15 p.m.15 views

CVE-2020-35430

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...

9.8CVSS0.01093EPSS
Exploits1References1
Prion
Prion
added 2021/04/29 5:15 p.m.15 views

Sql injection

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...

7.5CVSS9.7AI score0.01093EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/04/29 4:21 p.m.34 views

CVE-2020-35430

CVE-2020-35430 is an SQL injection vulnerability in Inxedu v2.0.6, reachable via the ids parameter in admin/letter/delsystem of the AdminMsgSystemController (com/inxedu/OS/edu/controller/letter). The issue is triggered by unsafely constructed SQL, enabling partial/full data exposure or manipulati...

9.8CVSS9.8AI score0.01093EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/29 4:21 p.m.20 views

CVE-2020-35430

SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem...

9.9AI score0.01093EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.6 views

Inxedu inxedu SQL注入漏洞

Inxedu inxedu is a set of open source online education platform of China Inxedu Inxedu company. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. Inxedu v2.0.6 suffers from a SQL injection vulnerability, which originates from...

9.8CVSS8.6AI score0.01093EPSS
Exploits1References2
NVD
NVD
added 2019/02/09 10:29 p.m.15 views

CVE-2019-7684

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...

10CVSS9.5AI score0.02146EPSS
Exploits1References1
OSV
OSV
added 2019/02/09 10:29 p.m.2 views

CVE-2019-7684

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...

9.8CVSS5.8AI score0.02146EPSS
Exploits1References1
Prion
Prion
added 2019/02/09 10:29 p.m.12 views

Code injection

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...

10CVSS9.4AI score0.02146EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/09 10:0 p.m.23 views

CVE-2019-7684

inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...

9.5AI score0.02146EPSS
Exploits1References1
CVE
CVE
added 2019/02/09 10:0 p.m.36 views

CVE-2019-7684

The CVE-2019-7684 entry describes a vulnerability in inxedu (through 2018-12-24) where the file upload logic in VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java) uses the /video/uploadvideo fileType parameter to control allowed extensions. An attacker can mod...

10CVSS9.3AI score0.02146EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/01/04 12:0 a.m.1 views

inxedu SQL Injection Vulnerability

inxedu is a set of open source online education platform of China's inxedu technology company. The platform includes an online school system, a live broadcasting system, an examination system, a community system and a marketing website. SQL injection vulnerability exists in inxedu 2018-12-24 and...

9.8CVSS7.9AI score0.01532EPSS
Exploits0References1
NVD
NVD
added 2019/01/02 5:29 p.m.10 views

CVE-2019-3576

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATHINFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserControllerdeleteFavorite aka deleteFavorite in...

9.8CVSS9.4AI score0.01532EPSS
Exploits0References2
Prion
Prion
added 2019/01/02 5:29 p.m.10 views

Sql injection

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATHINFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserControllerdeleteFavorite aka deleteFavorite in...

7.5CVSS9.3AI score0.01532EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/01/02 5:0 p.m.16 views

CVE-2019-3576

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATHINFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserControllerdeleteFavorite aka deleteFavorite in...

9.5AI score0.01532EPSS
Exploits0References1
CVE
CVE
added 2019/01/02 5:0 p.m.39 views

CVE-2019-3576

CVE-2019-3576 affects the inxedu platform through 2018-12-24, where a SQL injection vulnerability exists in the user flow—specifically in the deleteFavorite path handled by UserController (deleteFavorite in com/inxedu/os/edu/controller/user/UserController.java) and triggered via MyBatis in course...

9.8CVSS9.3AI score0.01532EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder