757 matches found
PT-2024-36455 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: A Directory Listing issue allows remote attackers to access sensitive files and directories via the "/admin/assets" API endpoint. This issue enables unauthorized access to...
CVE-2024-54935
A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...
CVE-2024-54929
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletesubject.php...
CVE-2024-54928
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...
PT-2024-36450 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete department.php endpoint. This vulnerability can be exploited to inject malicious SQL code. Recommendations:...
CVE-2024-54925
CVE-2024-54925 is a SQL injection vulnerability in Kashipara E-learning Management System v1.0. The flaw resides in the /remove_sent_message.php endpoint (parameter: id), allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access. Reported CVSSv3.1 base scor...
CVE-2024-54937
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets...
CVE-2024-54920
A SQL Injection vulnerability was found in /teachersignup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and classid parameters...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0, which originates from an SQL injection vulnerability in /admin/deletecontent.php...
CVE-2024-54933
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-54924
A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
CVE-2024-54936
A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessage.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...
CVE-2024-54922
CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname , lastname , and username . The flaw allows remote attackers to execute arbitrary SQL...
PT-2024-36456 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: A Directory Listing issue was found in Kashipara E-Learning Management System, which allows remote attackers to access sensitive files and directories via the "/admin/uploads" AP...
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...
CVE-2024-11321
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hi e-learning Learning Management System LMS allows Reflected XSS. This issue affects Learning Management System LMS: before 06.12.2024...