CVE-2025-1947 | hzmanyun Education and Training System 2.1.3 UploadImageController.java scorm param command injection

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection.

This vulnerability is uniquely identified as CVE-2025-1947. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-1947 | hzmanyun Education and Training System 2.1.3 UploadImageController.java scorm param command injection

Post correlati

CVE-2023-47464 | GL.iNET AX1800 up to 4.4.x Upload API permission

CVE-2024-24877 | Magic Hills Pty Wonder Slider Lite Plugin up to 13.9 on WordPress cross site scripting

CVE-2024-1253 | Beijing Baichuo Smart S40 Management Platform up to 20240126 Import /useratte/web.php file_upload unrestricted upload

CVE-2024-3318 | SailPoint Identity Security Cloud DelimitedFileConnector Cloud Connector path traversal