3 results (0.024 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Una vulnerabilidad de carga de archivos arbitrarios en SourceCodester Learning Management System versión v1.0, permite a atacantes ejecutar código arbitrario, por medio de la carga de archivos en el archivo \lms\student_avatar.php • https://github.com/TCSWT/Learning-Management-System/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. Una vulnerabilidad de inyección SQL en Learning Management System versión v1.0, permite a atacantes remotos ejecutar sentencias SQL arbitrarias mediante el parámetro id para obtener información confidencial de la base de datos • https://github.com/TCSWT/Learning-Management-System/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. Existe Cross-Site Scripting (XSS) en PHP Scripts Mall Learning and Examination Management System Script 2.3.1 mediante un mensaje manipulado. Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability. • https://exploit-db.com/exploits/44170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •