4 matches found
CVE-2024-40480
CVE-2024-40480 affects Kashipara Online Exam System v1.0. The vulnerability is a Broken Access Control in /admin/update.php and /admin/dashboard.php that allows remote unauthenticated attackers to view the admin dashboard and delete valid user accounts via direct URL access. The issue is confirme...
CVE-2024-40478
Kashipara Online Exam System v1.0 is affected by a Stored Cross Site Scripting (XSS) vulnerability in the /admin/afeedback.php endpoint. The issue allows remote attackers to execute arbitrary code via the rname and email parameters, as described across multiple sources (CVE-2024-40478, NVD/other ...
CVE-2024-40479
Kashipara Online Exam System v1.0 is affected by a SQL injection vulnerability in /admin/quizquestion.php, exploitable via the eid parameter. The underlying issue allows remote attackers to execute arbitrary SQL commands. Documents do not provide a confirmed patch version; a PT Security advisory ...
CVE-2025-51567
CVE-2025-51567 affects Kashipara Online Exam System V1.0. The vulnerability is an SQL Injection in the /exam/user/profile.php page. The issue is triggered via POST parameters rname, rcollage, rnumber, rgender, and rpassword, allowing remote attackers to execute arbitrary SQL commands and potentia...