CVE-2025-1946 | hzmanyun Education and Training System 2.1 /user/exportPDF id command injection

Posted by Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection.

This vulnerability is handled as CVE-2025-1946. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-1946 | hzmanyun Education and Training System 2.1 /user/exportPDF id command injection

Related Posts

CVE-2024-45617 | libopensc uninitialized pointer

CVE-2025-22912 | RE11S 1.11 /goform/formAccept command injection

CVE-2025-0111 | Palo Alto Cloud NGFW/PAN-OS/Prisma Access Management Web Interface file inclusion

CVE-2024-28395 | Best-Kit bestkit_popup up to 1.7.2 on PrestaShop bestkit_popup.php sql injection