CVE-2025-1946 | hzmanyun Education and Training System 2.1 /user/exportPDF id command injection

Posted by Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection.

This vulnerability is handled as CVE-2025-1946. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-1946 | hzmanyun Education and Training System 2.1 /user/exportPDF id command injection

Related Posts

CVE-2024-27092 | Hoppscotch prior 2023.12.6 TeamName input validation

CVE-2025-22738 | TechnoWich WP ULike Plugin up to 4.7.6 on WordPress cross site scripting

CVE-2024-23503 | WPManageNinja Ninja Tables Plugin up to 5.0.6 on WordPress authorization

CVE-2024-1151 | Linux Kernel up to 6.8-rc3 Open vSwitch Sub-Component stack-based overflow