Lucene search
K

757 matches found

Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.7 views

PT-2024-36455 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: A Directory Listing issue allows remote attackers to access sensitive files and directories via the "/admin/assets" API endpoint. This issue enables unauthorized access to...

5.3CVSS7AI score0.00452EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.14 views

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

0.0038EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.21 views

CVE-2024-54929

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletesubject.php...

0.00484EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/09 12:0 a.m.13 views

CVE-2024-54928

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...

7.3AI score0.00465EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-36450 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete department.php endpoint. This vulnerability can be exploited to inject malicious SQL code. Recommendations:...

9.8CVSS7.6AI score0.00486EPSS
Exploits1References5
CVE
CVE
added 2024/12/09 12:0 a.m.72 views

CVE-2024-54925

CVE-2024-54925 is a SQL injection vulnerability in Kashipara E-learning Management System v1.0. The flaw resides in the /remove_sent_message.php endpoint (parameter: id), allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access. Reported CVSSv3.1 base scor...

9.8CVSS9.1AI score0.00571EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.21 views

CVE-2024-54937

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets...

0.00452EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/09 12:0 a.m.8 views

CVE-2024-54920

A SQL Injection vulnerability was found in /teachersignup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and classid parameters...

8.8AI score0.00571EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.6 views

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0, which originates from an SQL injection vulnerability in /admin/deletecontent.php...

9.8CVSS7.9AI score0.00469EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.25 views

CVE-2024-54933

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deletecontent.php...

0.00469EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.3 views

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

5.4CVSS7.2AI score0.0038EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.23 views

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...

0.00571EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.18 views

CVE-2024-54924

A SQL Injection was found in /admin/editcontent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters...

0.00571EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/09 12:0 a.m.11 views

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

10AI score0.00571EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.18 views

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

0.00571EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.26 views

CVE-2024-54936

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessage.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

0.00395EPSS
Exploits1References1
CVE
CVE
added 2024/12/09 12:0 a.m.67 views

CVE-2024-54922

CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname , lastname , and username . The flaw allows remote attackers to execute arbitrary SQL...

9.8CVSS8.4AI score0.00551EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.10 views

PT-2024-36456 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: A Directory Listing issue was found in Kashipara E-Learning Management System, which allows remote attackers to access sensitive files and directories via the "/admin/uploads" AP...

7.5CVSS6.3AI score0.00545EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.20 views

CVE-2024-54934

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteclass.php...

0.00486EPSS
Exploits1References1
NVD
NVD
added 2024/12/06 2:15 p.m.13 views

CVE-2024-11321

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hi e-learning Learning Management System LMS allows Reflected XSS. This issue affects Learning Management System LMS: before 06.12.2024...

5.4CVSS0.00303EPSS
Exploits0References2
Rows per page
Query Builder