Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-50197
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.
CVSS Score
7.2
EPSS Score
0.006
Published
2026-03-02
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.
CVSS Score
4.9
EPSS Score
0.001
Published
2026-03-02
CVE-2025-50193
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.
CVSS Score
7.2
EPSS Score
0.006
Published
2026-03-02
CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26695
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26696
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26702
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-02
CVE-2026-24107
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
CVSS Score
9.8
EPSS Score
0.011
Published
2026-03-02
CVE-2026-24108
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved