The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary SQL...

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of verification of the validity of XML objects’ sequences. This allows attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of verification of the validity of XML objects’ sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary SQL queries...

CVE-2025-5213

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVE-2025-5213

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVE-2025-5213 projectworlds Responsive E-Learning System delete_file.php sql injection

A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deletefile.php. The manipulation of the argument ID leads to sql injection. The attack can be launched...

CVE-2025-5213

CVE-2025-5213 affects projectworlds Responsive E-Learning System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /admin/delete_file.php caused by improper handling of the ID argument. It can be exploited remotely and the exploit has been disclosed publicly. Impa...

PT-2025-22942 · Unknown · Projectworlds Responsive E-Learning System

Name of the Vulnerable Software and Affected Versions: projectworlds Responsive E-Learning System version 1.0 Description: A critical issue has been identified in the system, affecting an unknown functionality of the file /admin/delete file.php. The manipulation of the ID argument leads to SQL...

CVE-2024-1970

A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...

CVE-2024-32714

Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16...

CVE-2024-54926

A SQL Injection vulnerability was found in /searchclass.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the schoolyear parameter...

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

CVE-2024-54928

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...

CVE-2024-54934

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...

CVE-2024-11321

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hi e-learning Learning Management System LMS allows Reflected XSS. This issue affects Learning Management System LMS: before 06.12.2024...

CVE-2024-50409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bob Namaste! LMS namaste-lms allows Stored XSS.This issue affects Namaste! LMS: from n/a through = 2.6.2...

CVE-2022-2697

A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file commentframe.php. The manipulation of the argument postid leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

CVE-2022-2704

A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The...

CVE-2022-2701

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claireblake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclose...

CVE-2022-40872

An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...