Learning Management System Project: Security Vulnerabilities
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-30
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-23