CVE-2025-1947 | hzmanyun Education and Training System 2.1.3 UploadImageController.java scorm param command injection

Posted by Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection.

This vulnerability is uniquely identified as CVE-2025-1947. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-1947 | hzmanyun Education and Training System 2.1.3 UploadImageController.java scorm param command injection

Related Posts

CVE-2024-10292 | ZZCMS 2023 ChangeTable.php savefilename unrestricted upload

CVE-2024-33439 | Kasda LinkSmart Router KW5515 up to 1.7 CGI os command injection

CVE-2024-6513 | OpenJPEG Image File denial of service

CVE-2024-54043 | Adobe Connect up to 11.4.7/12.6 cross site scripting (apsb24-99)