CyberSecurityBoard
Sponsor Register Login

CVE-2023-4974

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Fri, 15 Sep 2023 08:15:00 +0000


Cyber News related to CVE-2023-4974

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
2 years ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398
CVE-2022-49235 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com
CVE-2023-54258 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
2 years ago Microsoft.com
CVE-2023-4974 - A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument ...
1 year ago
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
1 year ago Securelist.com
CVE-2025-4974 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 months ago
CVE-2007-4974 - Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block ...
14 years ago
CVE-2012-4974 - Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie. ...
13 years ago
CVE-2014-4974 - The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel ...
8 years ago
CVE-2009-4974 - Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter. ...
8 years ago
CVE-2006-4974 - Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. ...
8 years ago
CVE-2016-4974 - Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary ...
7 years ago
CVE-2018-4974 - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current ...
6 years ago
CVE-2020-4974 - IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM ...
4 years ago
CVE-2017-4974 - An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh ...
3 years ago
CVE-2013-4974 - RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file. ...
12 years ago
CVE-2015-4974 - IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. ...
9 years ago
CVE-2008-4974 - rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files. ...
8 years ago
CVE-2010-4974 - SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
8 years ago
CVE-2022-1769 - Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...
2 years ago
CVE-2011-4974 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none ...
56 years ago Tenable.com
CVE-2024-4974 - A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The manipulation of the argument name leads to cross site scripting. It is possible to ...
1 year ago
CVE-2021-47597 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)