Every CVE whose affected-product data names Eclass Eclass Ip, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-9884 — CVSS 9.8 (critical): eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access…
CVE-2019-9885 — CVSS 9.8 (critical): eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
CVE-2019-9886 — CVSS 7.5 (high): Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning…