Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
7.3AI Score
0.077EPSS
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
7.5CVSS
7.8AI Score
0.004EPSS