Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mo…
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary class…
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as unde…
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/…
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/…
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is…
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impr…
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add…
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization …
Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST co…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This is…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versi…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.…
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This i…
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.