Vulnerabilities > Eclass > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-25 | CVE-2019-9885 | SQL Injection vulnerability in Eclass IP 2.5 eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter. | 9.8 |
| 2019-07-25 | CVE-2019-9884 | Forced Browsing vulnerability in Eclass IP 2.5 eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page. | 9.8 |