CVE-2024-10546

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-10546

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVE-2024-10546

The CVE-2024-10546 entry concerns open-scratch Teaching 在线教学平台 (versions up to 2.7). The vulnerability exists in the URL Handler’s API endpoint /api/sys/ng-alain/getDictItemsByTable/ and is due to an SQL injection in that API. It is exploitable remotely and an exploit has been disclosed publicly....

CVE-2024-10546 open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection

A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...

CVE-2023-50609

Cross Site Scripting XSS vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx...

SQL Injection Vulnerability in Medical Virtual Simulation Teaching Experiment Platform of Shanghai Dream Road Digital Technology Co.

Medical virtual simulation teaching experiment platform is a virtual reality system with computer virtual reality and digital simulation technology as the core, biosimulation engine, processing factor database, virtual environment interface and other technologies as the support. Shanghai Dream Ro...

Information Leakage Vulnerability in Youmuzu Online Education Technology's Comprehensive Online Teaching Platform

Ltd. is a national high-tech enterprise, which was restructured and established at the end of 2014 by the former Digital Learning Research and Application Center of Institute of Educational Technology, Tsinghua University, and the series of scientific research results and technical support team o...

SQL Injection Vulnerability in the Frontend of Morphology Digital Lab Teaching Platform

Morphology digital experimental teaching platform is a virtual reality system with the core of computer virtual reality and digital simulation technology, supported by biosimulation engine, processing factor database, virtual environment interface and other technologies. There is a SQL injection...

SQL Injection Vulnerability in CCTV Online Teaching Platform

CCTV Digital Resource Teaching Platform is a platform for flexible lesson preparation and convenient teaching created for schools by Nanjing 55th Technology Development Co. A SQL injection vulnerability exists in the CCTF Online Network Teaching Platform. An attacker can use this vulnerability to...

Logic design loopholes in Wuhan Xinhongbo practice teaching management platform

Practice Teaching Management Platform is a comprehensive management platform integrating many functions such as resource construction, teaching practice, top practice, graduation design and experimental teaching counseling. Wuhan Xinhongbo Practice Teaching Management Platform has a logical desig...

SQL Injection Vulnerability in Online Teaching Platform of Higher Education Publishing House

The Higher Education Publishing House Online Teaching Platform is a system that provides online teaching and learning. A SQL injection vulnerability exists in the Higher Education Publishing House Network Teaching Platform, which can be exploited by attackers to obtain sensitive information from...