CVE-2024-54922

A SQL Injection was found in /admin/edituser.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...

CVE-2024-54934

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...

CVE-2024-54924

A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...

CVE-2024-54933

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...

CVE-2024-54919

A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter...

CVE-2024-54936

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessage.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

CVE-2024-54937

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets...

CVE-2024-54929

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletesubject.php...

CVE-2024-11321

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hi e-learning Learning Management System LMS allows Reflected XSS. This issue affects Learning Management System LMS: before 06.12.2024...

CVE-2024-50671

Incorrect access control in Adapt Learning Adapt Authoring Tool = 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs...

CVE-2024-50835

A SQL Injection vulnerability was found in /admin/editstudent.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters...

CVE-2024-50842

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/schoolyear.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the schoolyear parameter...

CVE-2024-50833

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters...

CVE-2024-50838

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters...

CVE-2024-50823

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...

CVE-2024-50824

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the classname parameter...

CVE-2024-50828

A SQL Injection vulnerability was found in /admin/editdepartment.php in kashipara E-learning Management System Project 1.0 via the d parameter...

CVE-2024-50831

A SQL Injection was found in /admin/adminuser.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...

CVE-2024-50839

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/addsubject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subjectcode and title parameters...

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...