CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
Attackers can host malicious scripts on a web server and then use a web browser to access the application via a direct request or by opening a malicious link.
CVE-2017-10267: An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2017-10268: An authenticated administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System v1.0 which can lead to information disclosure.
CVE-2017-10269: An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System v1.0 which can lead to information disclosure.
CVE-2017-10270: An administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System v1.0 which can lead to information disclosure.
CVE-2017-10271: An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System v1.0 which can lead to information disclosure.
CVE-2017-10272: An administrator can upload new files to the application via the component
Summary
Attackers can host malicious scripts on a web server and then use a web browser to access the application via a direct request or by opening a malicious link. The vulnerability in Simple E-Learning System allows attackers to read arbitrary files. An authenticated administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System which can lead to information disclosure. An administrator can delete files via the component vcs/deleteFile.php?id=./search.php of Simple E-Learning System which can lead to information disclosure. An administrator can upload new files to the application via the component vcs/uploadFile.php?folder=./search.php of Simple E-Learning System which can lead to information disclosure.
Timeline
Published on: 11/07/2022 15:15:00 UTC
Last modified on: 11/08/2022 16:14:00 UTC