3 matches found
CVE-2010-2356
CVE-2010-2356 affects Pilot Group (PG) eLMS Pro: XSS in subscribe.php, exploitable via the course_id parameter. Root cause is reflected/script injection in the course_id handling. The NVD notes a CVSSv2 base score of 4.3 (Medium) with network attack vector, no authentication, and partial integrit...
CVE-2010-2354
CVE-2010-2354 affects Pilot Group (PG) eLMS Pro, where subscribe.php is vulnerable to SQL injection via the course_id parameter. The root cause is improper handling of input leading to arbitrary SQL execution by remote attackers, with impact described as allowing arbitrary commands and partial da...
CVE-2010-2355
The CVE-2010-2355 entry describes a Cross-site scripting (XSS) vulnerability in error.php of Pilot Group (PG) eLMS Pro. The flaw allows remote attackers to inject arbitrary web script or HTML via the message parameter, potentially affecting any user who views the compromised page. The NVD details...