757 matches found
CVE-2024-54932
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletedepartment.php...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteusers.php...
CVE-2024-54930
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletestudent.php...
CVE-2024-54938
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54926
A SQL Injection vulnerability was found in /searchclass.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the schoolyear parameter...
CVE-2024-54935
A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...
CVE-2024-54920
A SQL Injection vulnerability was found in /teachersignup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and classid parameters...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
CVE-2024-54931
A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54928
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...
CVE-2024-54918
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacheravatar.php...
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...
CVE-2024-54922
A SQL Injection was found in /admin/edituser.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...
CVE-2024-54933
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...
CVE-2024-54919
A Stored Cross Site Scripting XSS was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter...
CVE-2024-54936
A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessage.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...
CVE-2024-54937
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets...
CVE-2024-54929
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletesubject.php...