CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4349 – SourceCodester Pisay Online E-Learning System controller.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4349
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/CveSecLook/cve/issues/19 https://vuldb.com/?ctiid.262489 https://vuldb.com/?id.262489 https://vuldb.com/?submit.324929 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14972
https://notcve.org/view.php?id=CVE-2020-14972
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages. Múltiples vulnerabilidades de inyección SQL en Sourcecodester Pisay Online E-Learning System versión 1.0, permiten a atacantes remotos no autenticados omitir la autenticación y lograr una Ejecución de Código Remota (RCE) por medio de los parámetros user_email, user_pass e id en el portal de inicio de sesión de administrador y las páginas web edit-lessons • https://www.exploit-db.com/exploits/48439 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •