CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1590 – SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1590
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.296574 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1589 – SourceCodester E-Learning System User Registration register.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1589
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Eine problematische Schwachstelle wurde in SourceCodester E-Learning System 1.0 gefunden. • https://vuldb.com/?ctiid.296573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43319
https://notcve.org/view.php?id=CVE-2022-43319
07 Nov 2022 — An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. Una vulnerabilidad de divulgación de información en el componente vcs/downloadFiles.php?download=. • https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Simple%20E-Learning%20System/discl1.md •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40872
https://notcve.org/view.php?id=CVE-2022-40872
07 Oct 2022 — An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. Se ha detectado un problema de vulnerabilidad de inyección SQL en Sourcecodester Simple E-Learning System versión 1.0. en el archivo /vcs/classRoom.php?classCode=, classCode • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/Simple%20E-Learning%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2490 – SourceCodester Simple E-Learning System search.php sql injection
https://notcve.org/view.php?id=CVE-2022-2490
20 Jul 2022 — A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has bee... • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2489 – SourceCodester Simple E-Learning System classRoom.php sql injection
https://notcve.org/view.php?id=CVE-2022-2489
20 Jul 2022 — A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2396 – SourceCodester Simple e-Learning System claire_blake cross site scripting
https://notcve.org/view.php?id=CVE-2022-2396
14 Jul 2022 — A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 38%CPEs: 1EXPL: 4CVE-2021-3239
https://notcve.org/view.php?id=CVE-2021-3239
15 Feb 2021 — E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. E-Learning System versión 1.0, sufre de una vulnerabilidad de inyección SQL no autenticada, que permite a atacantes remotos ejecutar código arbitrario en el servidor web de hosting y obtener un shell inverso • https://github.com/TCSWT/E-Learning-System/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14972
https://notcve.org/view.php?id=CVE-2020-14972
22 Jun 2020 — Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. Múltiples vulnerabilidades de inyección SQL en Sourcecodester Pisay Online E-Learning System versión 1.0, permiten a atacantes remotos no autenticados omitir la autenticación y lograr una Ejecución de Código Re... • https://www.exploit-db.com/exploits/48439 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •