CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43319
https://notcve.org/view.php?id=CVE-2022-43319
07 Nov 2022 — An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. Una vulnerabilidad de divulgación de información en el componente vcs/downloadFiles.php?download=. • https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Simple%20E-Learning%20System/discl1.md •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40872
https://notcve.org/view.php?id=CVE-2022-40872
07 Oct 2022 — An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode. Se ha detectado un problema de vulnerabilidad de inyección SQL en Sourcecodester Simple E-Learning System versión 1.0. en el archivo /vcs/classRoom.php?classCode=, classCode • https://github.com/xtxxueyan/bug_report/blob/main/vendors/onetnom23/Simple%20E-Learning%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2490 – SourceCodester Simple E-Learning System search.php sql injection
https://notcve.org/view.php?id=CVE-2022-2490
20 Jul 2022 — A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has bee... • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md#search.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2489 – SourceCodester Simple E-Learning System classRoom.php sql injection
https://notcve.org/view.php?id=CVE-2022-2489
20 Jul 2022 — A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-E-Learning-System.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2396 – SourceCodester Simple e-Learning System claire_blake cross site scripting
https://notcve.org/view.php?id=CVE-2022-2396
14 Jul 2022 — A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CyberThoth/CVE/blob/83c243538386cd0761025f85eb747eab7cae5c21/CVE/Simple%20e-Learning%20System/Cross%20Site%20Scripting%28Stored%29/POC.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •