CVE-2024-54923
The vulnerability CVE-2024-54923 affects Kashipara E-learning Management System v1.0. A SQL injection flaw exists in the /admin/edit_teacher.php endpoint, exploitable via the department parameter to execute arbitrary SQL commands and obtain unauthorized database access. This is supported by the i...
CVE-2024-54931
CVE-2024-54931 relates to a SQL injection in Kashipara E-learning Management System v1.0, exposed via the /admin/delete_event.php endpoint. The vulnerability stems from unsanitized input to the id parameter, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized databas...
CVE-2024-54934
CVE-2024-54934: Kashipara E-learning Management System v1.0 is vulnerable to a SQL Injection in the /admin/delete_class.php endpoint. The vulnerability stems from unsafely constructed SQL queries in that handler, yielding high-severity impact (confidentiality, integrity, and availability). No pu...
CVE-2024-54933
CVE-2024-54933 affects Kashipara E-learning Management System v1.0, with a SQL Injection vulnerability in the endpoint /admin/delete_content.php. The connected sources confirm the vulnerable component but do not provide exploit details, exact vulnerable parameter(s), affected versions beyond v1.0...
CVE-2024-54928
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php. Root cause is improper input handling enabling SQL injection; CVSS v3.1 base score 7.2 (HIGH) with impact to confidentiality, integrity, and availability. Exploitation status is not detailed i...
CVE-2024-54924
CVE-2024-54924 describes a SQL injection in Kashipara E-learning Management System v1.0, exploitable via the /admin/edit_content.php endpoint (title and content parameters) allowing remote attackers to execute arbitrary SQL and obtain unauthorized database access. The issue is documented across m...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is affected by a SQL Injection vulnerability in /admin/delete_users.php. The issue stems from unsanitized input in that endpoint, enabling potential unauthorized data exposure or manipulation. CVSS details from the primary record indicate a high impact ...
CVE-2024-54932
Kashipara E-learning Management System v1.0 is affected by a SQL Injection in the /admin/delete_department.php endpoint. The issue stems from improper handling of input in this admin function, enabling attacker-controlled SQL execution with potential high impact on confidentiality, integrity, and...
CVE-2024-54937
The CVE-2024-54937 entry describes a Directory Listing issue in Kashipara E-Learning Management System v1.0. Affected component: the /admin/assets endpoint. Root cause: directory listing exposure allows remote attackers to access sensitive files and directories, impacting confidentiality. Exploit...
CVE-2024-54930
CVE-2024-54930 affects Kashipara E-learning Management System v1.0. The vulnerability is an SQL Injection in the /admin/delete_student.php endpoint, caused by improper handling of input in that function. Documented impact indicates high confidentiality, integrity, and availability risks; network ...
CVE-2024-54929
KASHIPARA E-learning Management System v1.0 is affected by an SQL Injection in the /admin/delete_subject.php endpoint. The vulnerability arises from improper handling of input parameters in that admin action, enabling attackers with high privileges (per CVSS: Privileges Required = HIGH) and no us...
PT-2024-36442 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL injection issue was found in the /admin/edit_content.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database...
PT-2024-36446 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: The issue is related to a SQL Injection vulnerability in the /admin/delete_teacher.php file. This vulnerability can be exploited through the delete_teacher.php API endpoint. No...
PT-2024-36444 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /search class.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access via the school ye...
PT-2024-36436 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the /teacher avatar.php file. This allows remote attackers to execute arbitrary JavaScript via the filename parameter...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
PT-2024-36438 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL injection issue was found in the /teacher signup.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database through...
CVE-2024-54931
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php...
CVE-2024-54919
A Stored Cross-Site Scripting (XSS) issue was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...