CVE-2024-50835
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters...
PT-2024-34423 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/school_year.php file, specifically via the school_year parameter. This allows for potential exploitation. Recommendations: F...
PT-2024-34441 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the /admin/school_year.php endpoint, specifically via the school_year parameter. This allows remote attackers to...
PT-2024-34429 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was discovered in the /admin/admin_user.php file of the kashipara E-learning Management System Project. This issue is exploitable via the username a...
CVE-2024-50838
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters...
CVE-2024-50830
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters...
CVE-2024-50825
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter...
CVE-2024-50828
The CVE-2024-50828 entry describes a SQL injection in Kashipara E-learning Management System Project 1.0, exploitable via the d parameter of /admin/edit_department.php. Affected component: the web application’s edit_department functionality; root cause: improper handling of user input leading to ...
CVE-2024-50837
CVE-2024-50837 pertains to the Kashipara E-learning Management System Project 1.0. It describes a stored XSS vulnerability in the /admin/admin_user.php endpoint where an attacker can inject scripts via the firstname and username parameters. The CVSS 3.1 base score is 5.4 (Medium) with network att...
CVE-2024-50830
Summary: CVE-2024-50830 affects Kashipara E-learning Management System Project 1.0. The vulnerability is a SQL Injection in the admin calendar page: /admin/calendar_of_events.php, exploitable via the date_start, date_end, and title parameters. Affected product/version: Kashipara E-learning Manage...
CVE-2024-50832
CVE-2024-50832 describes a SQL Injection in Kashipara E-learning Management System Project 1.0, exploitable via the class_name parameter in /admin/edit_class.php. The underlying issue is unsanitized input leading to SQL injection, with no exploitation details provided in the connected documents. ...
CVE-2024-50835
CVE-2024-50835 is a SQL injection vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via /admin/edit_student.php using the cys, un, ln, fn, and id parameters. The NVD entry lists CVSSv3.1/7.2 HIGH (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H); a CNA entry shows a conflicting...
CVE-2024-50826
Summary of CVE-2024-50826: The Red/Blue documents describe a SQL injection vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via the title and content parameters of /admin/add_content.php. The underlying issue is unvalidated input used to construct SQL queries, ena...
CVE-2024-50824
The CVE-2024-50824 entry concerns Kashipara E-learning Management System Project 1.0, with a SQL Injection in /admin/class.php via the class_name parameter. Affected component is the server-side PHP script handling class_name in the admin interface. The vulnerability allows attackers to manipulat...
CVE-2024-50831
CVE-2024-50831 affects the Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the admin interface at /admin/admin_user.php, exploitable via the username and password parameters. CVSS data from multiple sources indicate a high-severity impact with potential...
CVE-2024-50827
CVE-2024-50827 affects Kashipara E-learning Management System Project 1.0. A SQL Injection vulnerability exists in /admin/add_subject.php via the subject_code parameter. The NVD entry lists a high impact (C/H/I/A) with a base score of 7.2 (3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Red Hat...
CVE-2024-50825
Kashipara E-learning Management System Project 1.0 contains a SQL Injection in /admin/school_year.php via the school_year parameter. The vulnerability affects the application’s ability to enforce data integrity and confidentiality, with potential impact on confidentiality, integrity, and availabi...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in KASHIPARA E-learning Management System Project version 1.0, which originates from SQL injection of the parameters username and password...
CVE-2024-50823
CVE-2024-50823 affects Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the /admin/login.php endpoint, exploitable via the username and password parameters. The root cause is unparameterized SQL handling in the login routine, enabling an attacker to affe...
CVE-2024-50838
A Stored Cross-Site Scripting (XSS) vulnerability affects Kashipara E-learning Management System Project 1.0, located in /admin/department.php. The flaw allows remote attackers to inject and execute arbitrary scripts via the d and pi parameters. According to the connected documents, the issue is ...