Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50839 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
|
|||||
| CVE-2024-50840 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
|
|||||
| CVE-2024-50841 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
|
|||||
| CVE-2024-50842 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
|
|||||
| CVE-2024-50837 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
|
|||||
| CVE-2024-50838 | 1 Lopalopa | 1 E-learning Management System | 2025-05-06 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
|
|||||
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
|
|||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
|
|||||
| CVE-2024-54938 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.5 HIGH |
|
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
|
|||||
| CVE-2024-54934 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
|
|||||
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
|
|||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
|
|||||
| CVE-2024-54921 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
|
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
|
|||||
| CVE-2024-54923 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
|
|||||
| CVE-2024-54924 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
|
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
|
|||||
| CVE-2024-54925 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
|
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
|
|||||
| CVE-2024-54918 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
|
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
|
|||||
| CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | N/A | 5.3 MEDIUM |
|
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
|
|||||
| CVE-2024-54920 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
|
|||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | N/A | 7.2 HIGH |
|
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
|
|||||
| CVE-2024-54933 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | N/A | 7.2 HIGH |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
|
|||||
| CVE-2024-54930 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | N/A | 7.2 HIGH |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
|
|||||
| CVE-2024-54922 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | N/A | 7.2 HIGH |
|
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
|
|||||
| CVE-2024-54926 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | N/A | 8.8 HIGH |
|
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
|
|||||
| CVE-2024-54935 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
|
|||||
| CVE-2024-54936 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
|
|||||
| CVE-2024-54919 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | N/A | 5.4 MEDIUM |
|
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
|
|||||
| CVE-2024-50836 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 4.8 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
|
|||||
| CVE-2024-50826 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
|
|||||
| CVE-2024-50825 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
|
|||||
| CVE-2024-50824 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
|
|||||
| CVE-2024-50823 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
|
|||||
| CVE-2024-50835 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
|
|||||
| CVE-2024-50834 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
|
|||||
| CVE-2024-50833 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
|
|||||
| CVE-2024-50832 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
|
|||||
| CVE-2024-50831 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
|
|||||
| CVE-2024-50830 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
|
|||||
| CVE-2024-50829 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
|
|||||
| CVE-2024-50828 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
|
|||||