Lucene search

6 matches found

EUVD
added 2026/06/23 3:34 p.m., 9 views

EUVD-2026-38463

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

CVSS 7.1, AI score 5.9, EPSS 0.00213
Exploits 0, References 3
OSV
added 2025/04/11 1:15 a.m., 4 views

CVE-2025-32809

W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choicefb, or questionid...

CVSS 5.4, AI score 5.8, EPSS 0.00218
Exploits 1, References 1
OSV
added 2024/05/16 6:15 a.m., 6 views

CVE-2024-4318

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘questionid’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5, AI score 5.9, EPSS 0.00511
Exploits 0, References 4
BDU FSTEC
added 2024/04/30 12:00 a.m., 12 views

The vulnerability of the Tutor LMS plugin for the WordPress content management system allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.

The vulnerability of the Tutor LMS plugin for the WordPress content management system is related to the lack of protection for the SQL query structure when processing the questionid parameter. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...

CVSS 9, AI score 8.3, EPSS 0.03135
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2024/02/22 12:00 a.m., 5 views

PT-2024-3141

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.1. Description: The issue is related to a SQL Injection vulnerability due to insufficient protection of the SQL query structure when handling the question id parameter. This allows a remote attacker t...

CVSS 9, AI score 8.7, EPSS 0.03135
Exploits 0, References 10
OSV
added 2022/09/08 5:15 p.m., 4 views

CVE-2022-38260

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=...

CVSS 7.2, AI score 5.8, EPSS 0.0083
Exploits 1, References 1