CVE-2024-50836

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters...

CVE-2024-50824

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the classname parameter...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

CVE-2024-50829

A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...

CVE-2024-50835

A SQL Injection vulnerability was found in /admin/editstudent.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters...

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

CVE-2024-50839

CVE-2024-50839 : A Stored XSS in Kashipara E-learning Management System Project 1.0 affects the /admin/add_subject.php endpoint, allowing remote attackers to inject scripts via the subject_code and title parameters. Root cause: input fields not properly sanitized in the admin add_subject API. Imp...

CVE-2024-50833

Summary: CVE-2024-50833 is a SQL Injection in the KASHIPARA E-learning Management System Project 1.0, exploitable via /login.php using the username and password parameters. The vulnerability affects version 1.0 of the system and is described across multiple feeds, with a high-severity impact (NVD...

CVE-2024-50823

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...

PT-2024-34437 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting XSS issue was discovered in the "/admin/add subject.php" and "/lms/admin/add subject.php" API endpoints, allowing remote attackers to execut...

Kashipara E-learning Management System 跨站脚本漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows a remote attacker to execute arbitrary...

CVE-2024-50823

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

CVE-2024-50832

A SQL Injection vulnerability was found in /admin/editclass.php in kashipara E-learning Management System Project 1.0 via the classname parameter...

CVE-2024-50831

A SQL Injection was found in /admin/adminuser.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...

CVE-2024-50829

CVE-2024-50829 describes a SQL injection in the Kashipara E-learning Management System Project 1.0. The vulnerability is triggered via the unit parameter in the endpoint /admin/edit_subject.php. Evidence from multiple sources (NVD, Red Hat, CVE lists) confirms the affected component and the injec...

PT-2024-34422 · Unknown · Kashipara E-Learning Management System Project

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/class.php file via the class name parameter. This allows for potential exploitation. Recommendations: For kashipara E-learni...

CVE-2024-50826

Summary of CVE-2024-50826 : The Red/Blue documents describe a SQL injection vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via the title and content parameters of /admin/add_content.php. The underlying issue is unvalidated input used to construct SQL queries, ena...

CVE-2024-50831

CVE-2024-50831 affects the Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the admin interface at /admin/admin_user.php, exploitable via the username and password parameters. CVSS data from multiple sources indicate a high-severity impact with potential...

CVE-2024-50825

A SQL Injection vulnerability was found in /admin/schoolyear.php in kashipara E-learning Management System Project 1.0 via the schoolyear parameter...