Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
learning management system vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-25200
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows malicious users to execute arbitrary code, via the file upload to \lms\student_avatar.php.
Learning Management System Project Learning Management System 1.0
7.5
CVSSv3
CVE-2021-25201
SQL injection vulnerability in Learning Management System v 1.0 allows remote malicious users to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
Learning Management System Project Learning Management System 1.0
NA
CVE-2002-1909
Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote malicious users to obtain the administrative password.
Click2learn Ingenium Learning Management System 5.1
Click2learn Ingenium Learning Management System 6.1
NA
CVE-2013-3599
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote malicious users to gain privileges via a modified user-role value to home.html.
Trivantis Coursemill Learning Management System 6.8
Trivantis Coursemill Learning Management System 6.6
5.4
CVSSv3
CVE-2018-6866
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.
Learning And Examination Management System Script Project Learning And Examination Management System Script 2.3.1
7.5
CVSSv3
CVE-2002-1910
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows malicious users to obtain passwords.
Click-2 Ingenium Learning Management System 5.1
Click-2 Ingenium Learning Management System 6.1
1 EDB exploit
4.3
CVSSv3
CVE-2018-16970
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.
Wisetail Learning Management System
8.8
CVSSv3
CVE-2023-40607
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.
Cluevo Learning Management System
4.3
CVSSv3
CVE-2018-16971
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter.
Wisetail Learning Management System
4.8
CVSSv3
CVE-2021-25029
The CLUEVO LMS, E-Learning Platform WordPress plugin prior to 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Cluevo Learning Management System
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »