CVE-2024-11868

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course...

PT-2024-17305

Name of the Vulnerable Software and Affected Versions LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.3 Description The issue concerns Sensitive Information Exposure, allowing unauthenticated attackers to extract potentially sensitive paid course material through the...

PT-2024-17676 · Juanpao · Jpshop

Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...

PT-2024-20228 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue is related to SQL Injection. The com.jsh.erp.controller.MaterialController, specifically the getListWithStock function, does not properly filter the column and order parameters, allowing an attacker t...

CVE-2024-0505

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...

Austin security breach

Austin is a message push platform. A security vulnerability exists in ZhongFuCheng3y Austin version 1.0, which originates from a security issue in the getFile function in the com/java3y/austin/web/controller/MaterialController.java in the component Upload Material Menu. function in the component...