11 matches found
CVE-2022-43319
CVE-2022-43319 affects Simple E-Learning System v1.0. The vulnerability resides in the endpoint vcs/downloadFiles.php?download=./search.php, enabling an attacker to read arbitrary files and thus disclose confidential data. The reported impact is High confidentiality loss (CVSS v3.1: AV:N/AC:L/PR:...
CVE-2022-2699
SourceCodester Simple E-Learning System is affected by a SQL injection vulnerability in the file /claire_blake, exploiting the phoneNumber parameter. The issue can be triggered remotely and exploits have been disclosed publicly. Affected versions are not clearly specified in the provided document...
CVE-2022-2665
SourceCodester Simple E-Learning System contains a SQL injection vulnerability in the classroom.php handling of the post_id parameter. The flaw allows remote exploitation and is documented as disclosed publicly (VDB-205615). Affected component is an unknown functionality of classroom.php; the spe...
CVE-2022-2701
The CVE-2022-2701 entry concerns SourceCodester Simple E-Learning System. A cross-site scripting (XSS) vulnerability is triggered by manipulating the Bio parameter in the file /claire_blake, affecting unknown code paths. The attack is remote, and public exploits have been disclosed. Multiple conn...
CVE-2022-2396
CVE-2022-2396 affects SourceCodester Simple e-Learning System 1.0. The vulnerability is an XSS in the /vcs/claire_blake endpoint, triggered by manipulating the Bio parameter with payload like >. Root cause is lack of input filtering on Bio, leading to client-side script execution. Attack can b...
CVE-2022-40872
SourceCodester Simple E-Learning System 1.0 is affected by an SQL injection in the /vcs/classRoom.php?classCode= endpoint. The root cause is unsafe handling of the classCode parameter, enabling an attacker to cause high-severity impact on confidentiality, integrity, and availability (CVSS v3.1: 9...
CVE-2022-2704
CVE-2022-2704 affects the SourceCodester Simple E-Learning System. The vulnerability is in the downloadFiles.php file where the value of the download parameter is not properly validated, allowing arbitrary file downloads and resulting in information disclosure. The issue can be exploited remotely...
CVE-2022-2490
CVE-2022-2490 affects SourceCodester Simple E-Learning System 1.0. The vulnerability is a SQL injection in an unknown function of the file search.php, triggered by manipulating the parameter classCode (example payload includes 1'||(SELECT 0x74666264 …)). Exploitation is possible remotely, and pu...
CVE-2022-2698
CVE-2022-2698 affects SourceCodester Simple E-Learning System, specifically the search.php functionality. The vulnerability is a SQL injection in the searchPost parameter that can be exploited remotely, with exploitation disclosed publicly. Multiple connected sources confirm the issue and classif...
CVE-2022-2489
SourceCodester Simple E-Learning System 1.0 contains a SQL injection in classRoom.php via crafted input of the classCode parameter (e.g., 1'||(SELECT ...)). The vulnerability is remote-exploitable and has a CVSSv3.1 base score of 8.8 (HIGH) per NVD, with high impact on confidentiality, integrity,...
CVE-2022-2697
SourceCodester Simple E-Learning System is affected by a SQL injection in the comment_frame.php file, via the post_id parameter. The vulnerability arises from an unknown function and can be exploited remotely; the exploit has been disclosed publicly. The identifier VDB-205818 is associated with t...