CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43319
https://notcve.org/view.php?id=CVE-2022-43319
07 Nov 2022 — An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. Una vulnerabilidad de divulgación de información en el componente vcs/downloadFiles.php?download=. • https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Simple%20E-Learning%20System/discl1.md •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40872
https://notcve.org/view.php?id=CVE-2022-40872
07 Oct 2022 — An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. Se ha detectado un problema de vulnerabilidad de inyección SQL en Sourcecodester Simple E-Learning System versión 1.0. en el archivo /vcs/classRoom.php?classCode=, classCode • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/Simple%20E-Learning%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2704 – SourceCodester Simple E-Learning System downloadFiles.php information disclosure
https://notcve.org/view.php?id=CVE-2022-2704
08 Aug 2022 — A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. • https://github.com/vuls/vuls/blob/main/Simple%20E-Learning%20System%20downloadFiles.php%20Arbitrary%20File%20Download/Simple%20E-Learning%20System%20downloadFiles.php%20Arbitrary%20File%20Download.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2701 – SourceCodester Simple E-Learning System claire_blake cross site scripting
https://notcve.org/view.php?id=CVE-2022-2701
08 Aug 2022 — A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/E1CHO/water_cve/blob/main/E-learning%20System%20personal%20data%20modification%20XSS%20vulnerability.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2699 – SourceCodester Simple E-Learning System claire_blake sql injection
https://notcve.org/view.php?id=CVE-2022-2699
08 Aug 2022 — A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. • https://github.com/E1CHO/water_cve/blob/main/E-learning%20System%20personal%20data%20modification%20SQl%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2698 – SourceCodester Simple E-Learning System search.php sql injection
https://notcve.org/view.php?id=CVE-2022-2698
07 Aug 2022 — A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to sql injection. The attack can be launched remotely. • https://github.com/E1CHO/water_cve/blob/main/E-learning%20System%20Class%20comment%20query%20SQl%20vulnerability.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2697 – SourceCodester Simple E-Learning System comment_frame.php sql injection
https://notcve.org/view.php?id=CVE-2022-2697
07 Aug 2022 — A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. • https://github.com/E1CHO/water_cve/blob/main/E-learning%20System%20comment_frame.php%20post_id%20parameter%20SQl%20injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2665 – SourceCodester Simple E-Learning System classroom.php sql injection
https://notcve.org/view.php?id=CVE-2022-2665
05 Aug 2022 — A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.205615 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2490 – SourceCodester Simple E-Learning System search.php sql injection
https://notcve.org/view.php?id=CVE-2022-2490
20 Jul 2022 — A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has bee... • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2489 – SourceCodester Simple E-Learning System classRoom.php sql injection
https://notcve.org/view.php?id=CVE-2022-2489
20 Jul 2022 — A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •