6 matches found
CVE-2022-2699
SourceCodester Simple E-Learning System is affected by a SQL injection vulnerability in the file /claire_blake, exploiting the phoneNumber parameter. The issue can be triggered remotely and exploits have been disclosed publicly. Affected versions are not clearly specified in the provided document...
CVE-2022-2665
SourceCodester Simple E-Learning System contains a SQL injection vulnerability in the classroom.php handling of the post_id parameter. The flaw allows remote exploitation and is documented as disclosed publicly (VDB-205615). Affected component is an unknown functionality of classroom.php; the spe...
CVE-2022-2701
The CVE-2022-2701 entry concerns SourceCodester Simple E-Learning System. A cross-site scripting (XSS) vulnerability is triggered by manipulating the Bio parameter in the file /claire_blake, affecting unknown code paths. The attack is remote, and public exploits have been disclosed. Multiple conn...
CVE-2022-2704
CVE-2022-2704 affects the SourceCodester Simple E-Learning System. The vulnerability is in the downloadFiles.php file where the value of the download parameter is not properly validated, allowing arbitrary file downloads and resulting in information disclosure. The issue can be exploited remotely...
CVE-2022-2698
CVE-2022-2698 affects SourceCodester Simple E-Learning System, specifically the search.php functionality. The vulnerability is a SQL injection in the searchPost parameter that can be exploited remotely, with exploitation disclosed publicly. Multiple connected sources confirm the issue and classif...
CVE-2022-2697
SourceCodester Simple E-Learning System is affected by a SQL injection in the comment_frame.php file, via the post_id parameter. The vulnerability arises from an unknown function and can be exploited remotely; the exploit has been disclosed publicly. The identifier VDB-205818 is associated with t...