463 matches found
Logic flaw vulnerability in n5 of the Nanqiong examination system (CNVD-2023-59091)
Nanqiong Exam System n5 is a handheld learning system that realizes online practice, mode exam, exam and result inquiry in one. A logic flaw vulnerability exists in Nanqiong Exam System n5, which can be exploited by an attacker to log into the system and obtain sensitive information...
CVE-2022-47132
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
Information disclosure
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
CVE-2022-43319
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...
PT-2022-26845 · Unknown · Simple E-Learning System
Name of the Vulnerable Software and Affected Versions: Simple E-Learning System version 1.0 Description: An information disclosure issue exists in the component "vcs/downloadFiles.php?download=./search.php" of Simple E-Learning System, allowing attackers to read arbitrary files. Recommendations:...
CVE-2022-43319
CVE-2022-43319 affects Simple E-Learning System v1.0. The vulnerability resides in the endpoint vcs/downloadFiles.php?download=./search.php, enabling an attacker to read arbitrary files and thus disclose confidential data. The reported impact is High confidentiality loss (CVSS v3.1: AV:N/AC:L/PR:...
CVE-2022-42925
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...
CVE-2022-41681
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...
CVE-2022-40872
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
Sql injection
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
Simple E-Learning System SQL注入漏洞
Simple E-Learning System is a simple e-learning system. version 1.0 of Simple E-Learning System is vulnerable to SQL injection, which stems from the presence of SQL injection in classCode. No detailed vulnerability details are available at this time...
PT-2022-25597 · Unknown · Sourcecodester Simple E-Learning System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple E-Learning System version 1.0 Description: A SQL injection issue was found in the /vcs/classRoom.php endpoint, specifically with the classCode parameter. This allows for potential SQL injection attacks. Recommendations:...
CVE-2022-40872
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
CVE-2022-40872
Sourcecodester Simple E-Learning System 1.0 is affected by an SQL injection in the /vcs/classRoom.php?classCode= endpoint. The root cause is unsafely handling the classCode parameter, enabling an attacker to induce high-severity impact to confidentiality, integrity, and availability (CVSS v3.1: 9...
CVE-2022-40872
An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode...
Chamilo LMS 代码问题漏洞
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11, which stems from a zip...
aEnrich eHRD Learning Management Key Performance Indicator System 5.x 安全漏洞
aEnrich eHRD Learning Management Key Performance Indicator System 5+ is a web-based Learning Management System LMS from aEnrich Corporation in China. A security vulnerability exists in the aEnrich eHRD Learning Management Key Performance Indicator System version 5.x, which originates from exposin...