CVE-2024-54919
A Stored Cross-Site Scripting (XSS) vulnerability was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...
CVE-2024-54918
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacheravatar.php...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54929
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletesubject.php...
CVE-2024-54938
Kashipara E-Learning Management System v1.0 suffers a Directory Listing issue exposed at /admin/uploads, enabling remote access to sensitive files/directories. CVE-2024-54938 is classified with high impact (CVSS 3.1: 7.5) and network attack vector; no in‑document details on exploit specifics or a...
PT-2024-36440 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...
CVE-2024-54938
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads...
CVE-2024-54919
CVE-2024-54919 affects Kashipara E-learning Management System v1.0, with a Stored Cross-Site Scripting (XSS) in /teacher_avatar.php exploitable via the filename parameter. The root cause is unvalidated/unsanitized user-supplied filename input, enabling an attacker to inject JavaScript that is sto...
PT-2024-36445 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: The issue is related to SQL Injection in the /admin/delete users.php file. This allows for potential exploitation. No information is provided about the estimated number of...
PT-2024-36450 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete department.php endpoint. This vulnerability can be exploited to inject malicious SQL code. Recommendations:...
CVE-2024-54936
CVE-2024-54936 affects Kashipara E-learning Management System v1.0. The Stored XSS vulnerability exists in /send_message.php, exploitable via the my_message parameter, potentially enabling arbitrary script execution in a victim’s browser. Affected component: Kashipara E‑learning Management System...
CVE-2024-54933
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...
PT-2024-36449 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/delete event.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access via the...
CVE-2024-54918
CVE-2024-54918 affects Kashipara E-learning Management System v1.0, with Remote Code Execution via file upload in the /teacher_avatar.php endpoint. The vulnerability is classified with CVSS v3.1: 9.8 (Network attack vector, Low attack complexity, No privileges, No user interaction, with High impa...
Kashipara E-learning Management System security vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands to access the database via the department parameter...
CVE-2024-11321
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024...
Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command
The cloud has become the backbone of modern innovation, powering everything from AI to remote work. But as organizations embrace the cloud, they also face an ever-expanding and increasingly complex attack surface. With purpose-built harvesting technology providing real-time visibility into...
CVE-2024-11321 Reflected XSS in Hi e-learning's Learning Management System (LMS)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects Learning Management System (LMS): before 06.12.2024...