10 matches found
CVE-2025-13679
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...
EUVD-2021-11474
Malware in sbrugna...
CVE-2023-27375
Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27376
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-26570
Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
PT-2023-21083 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier. Description: The issue concerns missing authentication in the StudentPopupDetailsStudentDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...
CVE-2022-30760
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...
Improper Access Control on view student list
Description: The lavsms system provides a feature for teachers to view any student in the system. The problem is that a student can also view the student list. They can also download the list in PDF or Excel. Proof of Concept: 1. GET http://lavsms.test/students/list/id Steps to reproduce: 1. Login as...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin LMS by LifterLMS – Online Course, Membership & Learning Management System Versions prior to 4.21....
Biggest ISP in Kuwait Qualitynet Side-Server Database Leaked
AnonKuwait claims to have hacked the biggest ISP in Kuwait, "Qualitynet", and leaked 14MB of data from a server-side database in SQL format. Penetration of one of Qualitynet's servers working for the Ministry of Education having a database containing high...