CVE-2025-5170

A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file com\llisoft\controller\admin\shiti\AdminShitiController.java. The manipulation of the argument stTypeIds leads to sql injection. T...

YxtCMF SQL Injection Vulnerability

YxtCMF is an online learning system. The system has functions such as online live broadcast, online question and answer, teacher management and forum. A SQL injection vulnerability exists in the ShitiController.class.php file in YxtCMF version 3.1. A remote attacker can exploit this vulnerability...

CVE-2018-7732

An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...

SQL injection vulnerability in YxtCMF frontend ShitiController.class.php page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the YxtCMF frontend ShitiController.class.php page. The vulnerability is due to the system failing to effectively filter...

YxtCMF v3.1.0 SQL Injection Vulnerability in Frontend ShitiController.class.php Page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF v3.1.0 has a SQL injection vulnerability in the frontend ShitiController.class.php page. An attacker can exploit this vulnerability to obtain sensitive...

Cross-site scripting vulnerability in the addshiti_post function on the YxtCMF ShitiController.class.php page

YxtCMF Yi Xue Tang Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A cross-site scripting vulnerability exists in the addshitipost function on the YxtCMF ShitiController.class.php page. An attacker can insert malicious js code into...