Vulnerabilities > Oretnom23 > Online Learning System > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-40596 | SQL Injection vulnerability in Oretnom23 Online Learning System 2.0 SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. | 9.8 |
| 2021-11-15 | CVE-2021-42580 | SQL Injection vulnerability in Oretnom23 Online Learning System 2.0 Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution. | 9.8 |