Eclass: >> Eclass Ip >> 2.5 Security Vulnerabilities
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-25
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-07-25
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
CVSS Score
9.1
EPSS Score
0.005
Published
2019-07-11