VYPR
Vendor

Inxedu

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2020-35326CriJan 18, 2023
    risk 0.65cvss 9.8epss 0.14

    SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value.

  • CVE-2024-35570CriMay 23, 2024
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file.

  • CVE-2024-35080CriMay 23, 2024
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.

  • CVE-2024-35079CriMay 23, 2024
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file.

  • CVE-2020-21152CriJan 20, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.

  • CVE-2020-35430CriApr 29, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.

  • CVE-2019-7684CriFeb 9, 2019
    risk 0.64cvss 9.8epss 0.02

    inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java). The attacker uses the…

  • CVE-2019-3576CriJan 2, 2019
    risk 0.64cvss 9.8epss 0.02

    inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure via the deleteFaveorite/ PATH_INFO. The vulnerable code location is com.inxedu.os.edu.controller.user.UserController#deleteFavorite (aka deleteFavorite in…