Skip to main content

Learning Management System

11 CVEs product

Monthly

CVE-2026-12789 LOW Monitor

SQL injection in ILIAS Learning Management System 11.0 allows a remote, high-privileged attacker to manipulate database queries via the Learning Progress Tracking component. The `troup_table_nav` argument passed to `ilTrQuery::executeQueries` in `components/ILIAS/Tracking/classes/class.ilTrQuery.php` is incorporated into SQL statements without adequate sanitization, enabling low-impact reads and writes against the underlying database. Publicly available exploit code exists (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, meaning no official patch has been issued.

SQLi PHP Learning Management System
NVD VulDB
CVSS 4.0
2.0
EPSS
0.2%
CVE-2024-8001 MEDIUM This Month

A vulnerability was found in VIWIS LMS 9.11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Learning Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-37870 CRITICAL POC Act Now

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37840 HIGH POC This Week

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5588 MEDIUM POC This Month

A vulnerability was found in itsourcecode Learning Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5519 MEDIUM POC This Month

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2023-40607 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Learning Management System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-25200 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25201 HIGH POC This Week

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Learning Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-16971 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-16970 MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Learning Management System
NVD
CVSS 3.0
4.3
EPSS
0.7%
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in ILIAS Learning Management System 11.0 allows a remote, high-privileged attacker to manipulate database queries via the Learning Progress Tracking component. The `troup_table_nav` argument passed to `ilTrQuery::executeQueries` in `components/ILIAS/Tracking/classes/class.ilTrQuery.php` is incorporated into SQL statements without adequate sanitization, enabling low-impact reads and writes against the underlying database. Publicly available exploit code exists (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, meaning no official patch has been issued.

SQLi PHP Learning Management System
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM This Month

A vulnerability was found in VIWIS LMS 9.11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Learning Management System
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in itsourcecode Learning Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Learning Management System
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Learning Management System
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Learning Management System
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Learning Management System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy