RSS   Podatności dla 'Eclass ip'   RSS

2019-07-25
 
CVE-2019-9885

CWE-89
 
 
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.

 
 
CVE-2019-9884

CWE-264
 
 
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

 
2019-07-11
 
CVE-2019-9886

CWE-284
 
 
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.

 

Copyright 2024, cxsecurity.com

 

Back to Top