E-Learning System 1.0 - SQL Injection

E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication. id: CVE-2021-3239 info: name: E-Learning System 1.0 - SQL Injection author:...

BIT-MOODLE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

PT-2026-34630

Name of the Vulnerable Software and Affected Versions Koollab LMS affected versions not specified Description A stored cross-site scripting XSS issue exists within the courselet feature. This flaw allows an attacker to execute arbitrary JavaScript on any user account that has access to this...

Exploit for CVE-2025-15521

CVE-2025-15521 The Academy LMS – WordPress LMS Plugin for Comp...

CVE-2026-4817

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...

EUVD-2026-22722

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the exportallcertificates action, where the course code retrieved from the session variable $SESSION'cid'...

CVE-2026-34370

Chamilo LMS is affected in versions prior to 2.0.0-RC.3 by an IDOR in the Notebook module. An authenticated student can read another user’s private notes by altering notebook_id in the editnote action. The read path get_note_information() does not verify ownership, while write paths have ownershi...

CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...

CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

PT-2026-32936

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulnerability exists in the main/inc/ajax/gradebook.ajax.php endpoint within the export all certificates action, where the course code retrieved from the session variable $ SESSION'...

CVE-2026-31282

Totara LMS versions up to 19.1.5 are affected by a login-page misissue described as Incorrect Access Control, where the login form can be revealed through manipulated login page code. This can be combined with missing rate-limiting on the login form to enable brute-force attacks. Documents confir...

Totara LMS 19.1.5 Missing Rate Limiting

Totara LMS versions 19.1.5 and below have a forgot password flow that's missing rate limiting...

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-33706

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the updateuserfromusername endpoint. A student status=5 can change their status to Teacher/CourseManager status=1, gaining course creation and management...

CVE-2026-33705

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

CVE-2026-33141

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

CVE-2026-33141

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...