Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
inxedu inxedu vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2019-7684
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the /video...
Inxedu Inxedu
668
VMScore
CVE-2020-35430
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
Inxedu Inxedu 2.0.6
NA
CVE-2020-35326
SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.
Inxedu Inxedu 2.0.6
NA
CVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows malicious users to execute arbitrary commands via the functionIds parameter to /saverolefunction.
Inxedu Inxedu 2.0.6
668
VMScore
CVE-2019-3576
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in com/inxedu/os/edu/control...
Inxedu Project Inxedu
NA
CVE-2024-35079
An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows malicious users to execute arbitrary code via uploading a crafted .jsp file.
NA
CVE-2024-35080
An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows malicious users to execute arbitrary code via uploading a crafted .jsp file.
NA
CVE-2024-35570
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows malicious users to execute arbitrary code via uploading a crafted jsp file.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started