← Back

Eclass

eclass

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Eclass Ip
eclass_ip
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-9885
1Eclass
1Eclass Ip
Nov 21, 2024
Jul 25, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-9884
1Eclass
1Eclass Ip
Nov 21, 2024
Jul 25, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.
CVE-2019-9886
1Eclass
1Eclass Ip
Nov 21, 2024
Jul 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.