Vulnerabilities (CVE)

Filtered by vendor Eclass Subscribe
Filtered by product Eclass Ip
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9886 1 Eclass 1 Eclass Ip 2024-11-21 5.0 MEDIUM 7.5 HIGH
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.
CVE-2019-9885 1 Eclass 1 Eclass Ip 2024-11-21 7.5 HIGH 9.8 CRITICAL
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-9884 1 Eclass 1 Eclass Ip 2024-11-21 10.0 HIGH 9.8 CRITICAL
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.