Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
9.8CVSS
9.6AI Score
0.008EPSS
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
7.5CVSS
8AI Score
0.002EPSS