Lucene search
K

199 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-13443

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 2 days ago7 views

CVE-2026-13443

The CVE-2026-13443 entry concerns the WordPress plugin Tutor LMS (eLearning and online course solution). Affected: all versions up to and including 3.9.13. Issue: Stored Cross-Site Scripting via the Lesson Attachment Title due to insufficient input sanitization and output escaping. Impact: authen...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-13443 Tutor LMS <= 3.9.13 - Authenticated (Author+) Stored Cross-Site Scripting via Lesson Attachment Title

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00206EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40893

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Lesson Attachment Title in all versions up to, and including, 3.9.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-3371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/11 1:25 a.m.2 views

CVE-2026-3371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.3 views

CVE-2026-5546

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS6.4AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/05 9:30 a.m.5 views

EUVD-2026-19040

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS6.3AI score0.00257EPSS
Exploits0References6
NVD
NVD
added 2026/04/05 7:16 a.m.5 views

CVE-2026-5546

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS0.00257EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/05 6:0 a.m.3 views

CVE-2026-5546

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS5.6AI score0.00257EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 6:0 a.m.1 views

CVE-2026-5546 Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS6.3AI score0.00257EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/05 6:0 a.m.29 views

CVE-2026-5546 Campcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted upload

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function addlesson of the file /application/models/Crudmodel.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and ma...

6.5CVSS0.00257EPSS
Exploits0References5
CVE
CVE
added 2026/04/05 6:0 a.m.19 views

CVE-2026-5546

CVE-2026-5546 affects Campcodes Complete Online Learning Management System 1.0; the flaw is in Crud_model.php add_lesson, where a manipulation leads to unrestricted file uploads. The issue can be triggered remotely, and the exploit has been published. No remediation details are provided in the av...

6.5CVSS6.3AI score0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.8 views

PT-2026-30417

A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add lesson of the file /application/models/Crud model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and...

6.5CVSS6.3AI score0.00257EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.11 views

CampCodes Complete Online Learning Management System 代码问题漏洞

CampCodes Complete Online Learning Management System is an online learning system developed by the Philippine company CampCodes. Version 1.0 of the Campcodes Complete Online Learning Management System has a code vulnerability. This vulnerability stems from improper upload restrictions in the...

6.5CVSS6.8AI score0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/06 3:31 p.m.6 views

EUVD-2018-21625

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

8.8CVSS5.9AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:15 p.m.6 views

CVE-2018-25170

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

8.8CVSS0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 12:19 p.m.27 views

CVE-2018-25170 DoceboLMS 1.2 SQL Injection via lesson.php

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

8.8CVSS0.00134EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.1 views

CVE-2018-25170 DoceboLMS 1.2 SQL Injection via lesson.php

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

8.8CVSS5.9AI score0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/03/06 12:19 p.m.10 views

CVE-2018-25170

CVE-2018-25170 affects DoceboLMS 1.2. An SQL injection enables unauthenticated attackers to manipulate queries by injecting SQL through lesson.php parameters id, idC, and idU via GET requests to retrieve sensitive data. The connected sources confirm the vulnerability and affected workflow but do ...

8.8CVSS5.9AI score0.00134EPSS
Exploits0References2
Rows per page
Query Builder