CVE-2025-1590 — Improper Access Control in E-learning System

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 84.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester E-learning System Janobe E-learning System

Timeline

PublishedFeb 23

Description

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/e-learning_system1.0

▶NVDjanobe/e-learning_system1.0

🔴Vulnerability Details

GHSA

GHSA-8mrr-27v4-2g8c: A vulnerability was found in SourceCodester E-Learning System 1↗2025-02-23

▶

CVEList

SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload↗2025-02-23

▶