E-learning Management System Security Vulnerabilities and Issues — E-learning Management System CVE List

Lucene search

LopalopaE-learning Management System

41 matches found

CVE•added 2024/12/09 3:15 p.m.•64 views

CVE-2024-54920

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.

9.8CVSS8.4AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•63 views

CVE-2024-54924

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•61 views

CVE-2024-54918

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

9.8CVSS7.8AI score0.02315EPSS

CVE•added 2024/12/09 7:15 p.m.•58 views

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•57 views

CVE-2024-54921

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•57 views

CVE-2024-54925

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 2:15 p.m.•57 views

CVE-2024-54937

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

5.3CVSS6.6AI score0.00098EPSS

CVE•added 2024/12/09 2:15 p.m.•54 views

CVE-2024-54929

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

7.2CVSS8AI score0.00095EPSS

CVE•added 2024/12/09 6:15 p.m.•52 views

CVE-2024-54922

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

9.8CVSS8.4AI score0.00282EPSS

CVE•added 2024/12/09 3:15 p.m.•51 views

CVE-2024-54919

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.

5.4CVSS7AI score0.00053EPSS

CVE•added 2024/12/09 7:15 p.m.•50 views

CVE-2024-54927

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.

7.2CVSS8.3AI score0.00095EPSS

CVE•added 2024/12/09 6:15 p.m.•50 views

CVE-2024-54933

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

9.8CVSS8.1AI score0.00095EPSS

CVE•added 2024/12/09 7:15 p.m.•49 views

CVE-2024-54938

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

7.5CVSS7.2AI score0.00124EPSS

CVE•added 2024/12/09 2:15 p.m.•48 views

CVE-2024-54936

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

5.4CVSS5.7AI score0.00107EPSS

CVE•added 2024/11/14 5:15 p.m.•47 views

CVE-2024-50832

A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

7.2CVSS8.5AI score0.00049EPSS

CVE•added 2024/11/14 2:15 p.m.•47 views

CVE-2024-50841

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.

5.4CVSS5.7AI score0.00117EPSS

CVE•added 2024/12/09 7:15 p.m.•47 views

CVE-2024-54931

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

9.8CVSS9.1AI score0.00219EPSS

CVE•added 2024/12/09 6:15 p.m.•47 views

CVE-2024-54935

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

5.4CVSS5.9AI score0.00107EPSS

CVE•added 2024/12/09 6:15 p.m.•45 views

CVE-2024-54930

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

9.8CVSS8.1AI score0.0007EPSS

CVE•added 2024/12/09 7:15 p.m.•45 views

CVE-2024-54934

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

9.8CVSS8.1AI score0.00101EPSS

CVE•added 2024/12/09 7:15 p.m.•43 views

CVE-2024-54928

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

7.2CVSS8.3AI score0.00092EPSS

CVE•added 2024/11/14 6:15 p.m.•42 views

CVE-2024-50823

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

9.8CVSS8AI score0.00056EPSS

CVE•added 2024/11/14 6:15 p.m.•42 views

CVE-2024-50830

A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.

7.2CVSS7.8AI score0.00049EPSS

CVE•added 2024/11/14 2:15 p.m.•41 views

CVE-2024-50840

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.

5.4CVSS5.7AI score0.00363EPSS

CVE•added 2024/12/09 7:15 p.m.•41 views

CVE-2024-54932

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

9.8CVSS8.1AI score0.00074EPSS

CVE•added 2024/11/14 6:15 p.m.•40 views

CVE-2024-50825

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.

7.2CVSS7.8AI score0.00049EPSS

CVE•added 2024/11/14 6:15 p.m.•40 views

CVE-2024-50827

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.

7.2CVSS7.8AI score0.00036EPSS

CVE•added 2024/11/14 6:15 p.m.•40 views

CVE-2024-50829

A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.

7.2CVSS7.8AI score0.00049EPSS

CVE•added 2024/11/14 6:15 p.m.•40 views

CVE-2024-50831

A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

7.2CVSS8AI score0.00049EPSS

CVE•added 2024/11/14 3:15 p.m.•40 views

CVE-2024-50837

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.

5.4CVSS5.7AI score0.00117EPSS

CVE•added 2024/12/09 5:15 p.m.•40 views

CVE-2024-54926

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

9.8CVSS8.9AI score0.0029EPSS

CVE•added 2024/11/14 6:15 p.m.•39 views

CVE-2024-50826

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.

7.2CVSS7.8AI score0.00036EPSS

CVE•added 2024/11/14 5:15 p.m.•39 views

CVE-2024-50834

A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.

7.2CVSS8.2AI score0.00036EPSS

CVE•added 2024/11/14 2:15 p.m.•39 views

CVE-2024-50839

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.

5.4CVSS5.7AI score0.00135EPSS

CVE•added 2024/11/14 6:15 p.m.•38 views

CVE-2024-50824

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

7.2CVSS7.8AI score0.00049EPSS

CVE•added 2024/11/14 3:15 p.m.•38 views

CVE-2024-50838

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.

5.4CVSS5.7AI score0.00135EPSS

CVE•added 2024/11/14 2:15 p.m.•37 views

CVE-2024-50842

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.

5.4CVSS5.7AI score0.00117EPSS

CVE•added 2024/11/14 5:15 p.m.•36 views

CVE-2024-50836

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.

5.4CVSS6AI score0.00104EPSS

CVE•added 2024/11/14 6:15 p.m.•35 views

CVE-2024-50828

A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.

7.2CVSS7.8AI score0.00036EPSS

CVE•added 2024/11/14 5:15 p.m.•35 views

CVE-2024-50833

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.

9.8CVSS8.6AI score0.00056EPSS

CVE•added 2024/11/14 5:15 p.m.•34 views

CVE-2024-50835

A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.

7.2CVSS8.2AI score0.00036EPSS