cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2025-1590,https://securityvulnerability.io/vulnerability/CVE-2025-1590,Unrestricted Upload Vulnerability in SourceCodester E-Learning System,"A vulnerability exists in the SourceCodester E-Learning System in the /admin/modules/lesson/index.php file, which allows for unrestricted file uploads. This flaw can be exploited by attackers to upload malicious files remotely, potentially compromising the integrity and security of the application. It's critical for users of this system to apply updates and safeguards to prevent unauthorized access and file manipulation.",Sourcecodester,E-learning System,5.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-23T18:31:04.234Z,0 CVE-2025-1589,https://securityvulnerability.io/vulnerability/CVE-2025-1589,Cross Site Scripting Vulnerability in SourceCodester E-Learning System,"A cross site scripting vulnerability exists in the SourceCodester E-Learning System version 1.0, specifically within the user registration handler at /register.php. An attacker may exploit this issue remotely by manipulating the input to inject malicious scripts. This could lead to unauthorized access, data theft, or further malicious actions against users. It is crucial to apply patches and take preventative measures to mitigate this risk.",Sourcecodester,E-learning System,5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-23T18:00:09.904Z,0 CVE-2024-4349,https://securityvulnerability.io/vulnerability/CVE-2024-4349,SourceCodester Pisay Online E-Learning System controller.php unrestricted upload,"A security flaw in the SourceCodester Pisay Online E-Learning System version 1.0 allows for unrestricted file uploads through the controller.php script. This vulnerability is triggered by manipulating the 'file' argument, enabling attackers to upload malicious files remotely. The exploit is publicly disclosed and may pose significant risks to the integrity and confidentiality of the system. System administrators are urged to apply mitigations promptly to prevent potential exploitation.",Sourcecodester,Pisay Online E-learning System,7.3,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-30T22:15:00.000Z,true,false,false,,2024-04-30T23:15:00.000Z,0 CVE-2022-2697,https://securityvulnerability.io/vulnerability/CVE-2022-2697,SourceCodester Simple E-Learning System comment_frame.php sql injection,A vulnerability was found in SourceCodester Simple E-Learning System. It has been classified as critical. Affected is an unknown function of the file comment_frame.php. The manipulation of the argument post_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205818 is the identifier assigned to this vulnerability.,Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.002360000042244792,false,,false,false,false,,,false,false,,2022-08-08T13:15:00.000Z,0 CVE-2022-2704,https://securityvulnerability.io/vulnerability/CVE-2022-2704,SourceCodester Simple E-Learning System downloadFiles.php information disclosure,A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828.,Sourcecodester,Simple E-learning System,4.3,MEDIUM,0.0027000000700354576,false,,false,false,false,,,false,false,,2022-08-08T12:50:25.000Z,0 CVE-2022-2701,https://securityvulnerability.io/vulnerability/CVE-2022-2701,SourceCodester Simple E-Learning System claire_blake cross site scripting,A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. This vulnerability affects unknown code of the file /claire_blake. The manipulation of the argument Bio leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205822 is the identifier assigned to this vulnerability.,Sourcecodester,Simple E-learning System,3.5,LOW,0.0006900000153109431,false,,false,false,false,,,false,false,,2022-08-08T12:26:10.000Z,0 CVE-2022-2699,https://securityvulnerability.io/vulnerability/CVE-2022-2699,SourceCodester Simple E-Learning System claire_blake sql injection,A vulnerability was found in SourceCodester Simple E-Learning System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /claire_blake. The manipulation of the argument phoneNumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205820.,Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.002360000042244792,false,,false,false,false,,,false,false,,2022-08-08T12:25:40.000Z,0 CVE-2022-2698,https://securityvulnerability.io/vulnerability/CVE-2022-2698,SourceCodester Simple E-Learning System search.php sql injection,A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument searchPost leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205819.,Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.0026499999221414328,false,,false,false,false,,,false,false,,2022-08-07T20:01:17.000Z,0 CVE-2022-2665,https://securityvulnerability.io/vulnerability/CVE-2022-2665,SourceCodester Simple E-Learning System classroom.php sql injection,A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615.,Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-08-05T10:45:34.000Z,0 CVE-2022-2490,https://securityvulnerability.io/vulnerability/CVE-2022-2490,SourceCodester Simple E-Learning System search.php sql injection,"A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2022-07-20T11:35:44.000Z,0 CVE-2022-2489,https://securityvulnerability.io/vulnerability/CVE-2022-2489,SourceCodester Simple E-Learning System classRoom.php sql injection,"A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Simple E-learning System,6.3,MEDIUM,0.0016899999463930726,false,,false,false,false,,,false,false,,2022-07-20T11:35:38.000Z,0 CVE-2022-2396,https://securityvulnerability.io/vulnerability/CVE-2022-2396,SourceCodester Simple e-Learning System claire_blake cross site scripting,"A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input ""> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Simple E-learning System,3.5,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2022-07-14T12:06:55.000Z,0