CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2396 – SourceCodester Simple e-Learning System claire_blake cross site scripting
https://notcve.org/view.php?id=CVE-2022-2396
14 Jul 2022 — A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 38%CPEs: 1EXPL: 4CVE-2021-3239
https://notcve.org/view.php?id=CVE-2021-3239
15 Feb 2021 — E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. E-Learning System versión 1.0, sufre de una vulnerabilidad de inyección SQL no autenticada, que permite a atacantes remotos ejecutar código arbitrario en el servidor web de hosting y obtener un shell inverso • https://github.com/TCSWT/E-Learning-System/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14972
https://notcve.org/view.php?id=CVE-2020-14972
22 Jun 2020 — Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. Múltiples vulnerabilidades de inyección SQL en Sourcecodester Pisay Online E-Learning System versión 1.0, permiten a atacantes remotos no autenticados omitir la autenticación y lograr una Ejecución de Código Re... • https://www.exploit-db.com/exploits/48439 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •