Vulnerabilities > Preprojects > PRE E Learning Portal

DATE CVE VULNERABILITY TITLE RISK
2010-03-10 CVE-2010-0954 SQL Injection vulnerability in Preprojects PRE E-Learning Portal
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
network
low complexity
preprojects CWE-89
7.5
7.5
2009-02-04 CVE-2008-6052 Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE E-Learning Portal
PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
network
low complexity
preprojects CWE-264
5.0
5.0