41 matches found
CVE-2024-54918
CVE-2024-54918 affects Kashipara E-learning Management System v1.0, with Remote Code Execution via file upload in the /teacher_avatar.php endpoint. The vulnerability is classified with CVSS v3.1: 9.8 (Network attack vector, Low attack complexity, No privileges, No user interaction, with High impa...
CVE-2024-54920
Kashipara E-learning Management System v1.0 is affected by CVE-2024-54920 due to a SQL injection vulnerability in the /teacher_signup.php endpoint. The issue allows remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database by supplying crafted values for firs...
CVE-2024-54923
The vulnerability CVE-2024-54923 affects Kashipara E-learning Management System v1.0. A SQL injection flaw exists in the /admin/edit_teacher.php endpoint, exploitable via the department parameter to execute arbitrary SQL commands and obtain unauthorized database access. This is supported by the i...
CVE-2024-54924
CVE-2024-54924 describes a SQL injection in Kashipara E-learning Management System v1.0, exploitable via the /admin/edit_content.php endpoint (title and content parameters) allowing remote attackers to execute arbitrary SQL and obtain unauthorized database access. The issue is documented across m...
CVE-2024-54925
CVE-2024-54925 is a SQL injection vulnerability in Kashipara E-learning Management System v1.0. The flaw resides in the /remove_sent_message.php endpoint (parameter: id), allowing remote attackers to execute arbitrary SQL commands and gain unauthorized database access. Reported CVSSv3.1 base scor...
CVE-2024-54937
The CVE-2024-54937 entry describes a Directory Listing issue in Kashipara E-Learning Management System v1.0. Affected component: the /admin/assets endpoint. Root cause: directory listing exposure allows remote attackers to access sensitive files and directories, impacting confidentiality. Exploit...
CVE-2024-54921
CVE-2024-54921 affects Kashipara E-learning Management System v1.0, with a SQL injection in /student_signup.php that allows remote attackers to execute arbitrary SQL through the username, firstname, lastname, and class_id parameters, leading to unauthorized database access. The CVSS v3.1 data ind...
CVE-2024-54922
CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname, lastname, and username. The flaw allows remote attackers to execute arbitrary SQL...
CVE-2024-50824
The CVE-2024-50824 entry concerns Kashipara E-learning Management System Project 1.0, with a SQL Injection in /admin/class.php via the class_name parameter. Affected component is the server-side PHP script handling class_name in the admin interface. The vulnerability allows attackers to manipulat...
CVE-2024-50837
CVE-2024-50837 pertains to the Kashipara E-learning Management System Project 1.0. It describes a stored XSS vulnerability in the /admin/admin_user.php endpoint where an attacker can inject scripts via the firstname and username parameters. The CVSS 3.1 base score is 5.4 (Medium) with network att...
CVE-2024-54927
Kashipara E-learning Management System v1.0 is affected by a SQL Injection vulnerability in /admin/delete_users.php. The issue stems from unsanitized input in that endpoint, enabling potential unauthorized data exposure or manipulation. CVSS details from the primary record indicate a high impact ...
CVE-2024-54929
KASHIPARA E-learning Management System v1.0 is affected by an SQL Injection in the /admin/delete_subject.php endpoint. The vulnerability arises from improper handling of input parameters in that admin action, enabling attackers with high privileges (per CVSS: Privileges Required = HIGH) and no us...
CVE-2024-50832
CVE-2024-50832 describes a SQL Injection in Kashipara E-learning Management System Project 1.0, exploitable via the class_name parameter in /admin/edit_class.php. The underlying issue is unsanitized input leading to SQL injection, with no exploitation details provided in the connected documents. ...
CVE-2024-54919
CVE-2024-54919 affects Kashipara E-learning Management System v1.0, with a Stored Cross-Site Scripting (XSS) in /teacher_avatar.php exploitable via the filename parameter. The root cause is unvalidated/unsanitized user-supplied filename input, enabling an attacker to inject JavaScript that is sto...
CVE-2024-54933
CVE-2024-54933 affects Kashipara E-learning Management System v1.0, with a SQL Injection vulnerability in the endpoint /admin/delete_content.php. The connected sources confirm the vulnerable component but do not provide exploit details, exact vulnerable parameter(s), affected versions beyond v1.0...
CVE-2024-54936
CVE-2024-54936 affects Kashipara E-learning Management System v1.0. The Stored XSS vulnerability exists in /send_message.php, exploitable via the my_message parameter, potentially enabling arbitrary script execution in a victim’s browser. Affected component: Kashipara E‑learning Management System...
CVE-2024-54931
CVE-2024-54931 relates to a SQL injection in Kashipara E-learning Management System v1.0, exposed via the /admin/delete_event.php endpoint. The vulnerability stems from unsanitized input to the id parameter, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized databas...
CVE-2024-54938
Kashipara E-Learning Management System v1.0 suffers a Directory Listing issue exposed at /admin/uploads, enabling remote access to sensitive files/directories. CVE-2024-54938 is classified with high impact (CVSS 3.1: 7.5) and network attack vector; no in‑document details on exploit specifics or a...
CVE-2024-54935
CVE-2024-54935 describes a Stored Cross-Site Scripting (XSS) in the Kashipara E-learning Management System v1.0. The vulnerability is in /send_message_teacher_to_student.php and is exploitable via the my_message parameter, enabling remote attackers to inject and execute arbitrary scripts. Impact ...
CVE-2024-50841
CVE-2024-50841 is a stored XSS vulnerability in Kashipara E-learning Management System Project 1.0. The issue resides in the /admin/calendar_of_events.php endpoint, where user-controlled input in the fields date_start, date_end, and title can be stored and later reflected, enabling remote script ...
CVE-2024-54930
CVE-2024-54930 affects Kashipara E-learning Management System v1.0. The vulnerability is an SQL Injection in the /admin/delete_student.php endpoint, caused by improper handling of input in that function. Documented impact indicates high confidentiality, integrity, and availability risks; network ...
CVE-2024-54934
CVE-2024-54934: Kashipara E-learning Management System v1.0 is vulnerable to a SQL Injection in the /admin/delete_class.php endpoint. The vulnerability stems from unsafely constructed SQL queries in that handler, yielding high-severity impact (confidentiality, integrity, and availability). No pu...
CVE-2024-50825
Kashipara E-learning Management System Project 1.0 contains a SQL Injection in /admin/school_year.php via the school_year parameter. The vulnerability affects the application’s ability to enforce data integrity and confidentiality, with potential impact on confidentiality, integrity, and availabi...
CVE-2024-50830
Summary: CVE-2024-50830 affects Kashipara E-learning Management System Project 1.0. The vulnerability is a SQL Injection in the admin calendar page: /admin/calendar_of_events.php, exploitable via the date_start, date_end, and title parameters. Affected product/version: Kashipara E-learning Manage...
CVE-2024-54928
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php. Root cause is improper input handling enabling SQL injection; CVSS v3.1 base score 7.2 (HIGH) with impact to confidentiality, integrity, and availability. Exploitation status is not detailed i...
CVE-2024-50829
CVE-2024-50829 describes a SQL injection in the Kashipara E-learning Management System Project 1.0. The vulnerability is triggered via the unit parameter in the endpoint /admin/edit_subject.php. Evidence from multiple sources (NVD, Red Hat, CVE lists) confirms the affected component and the injec...
CVE-2024-50833
Summary: CVE-2024-50833 is a SQL Injection in the KASHIPARA E-learning Management System Project 1.0, exploitable via /login.php using the username and password parameters. The vulnerability affects version 1.0 of the system and is described across multiple feeds, with a high-severity impact (NVD...
CVE-2024-50839
CVE-2024-50839: A Stored XSS in Kashipara E-learning Management System Project 1.0 affects the /admin/add_subject.php endpoint, allowing remote attackers to inject scripts via the subject_code and title parameters. Root cause: input fields not properly sanitized in the admin add_subject API. Imp...
CVE-2024-54932
Kashipara E-learning Management System v1.0 is affected by a SQL Injection in the /admin/delete_department.php endpoint. The issue stems from improper handling of input in this admin function, enabling attacker-controlled SQL execution with potential high impact on confidentiality, integrity, and...
CVE-2024-50823
CVE-2024-50823 affects Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the /admin/login.php endpoint, exploitable via the username and password parameters. The root cause is unparameterized SQL handling in the login routine, enabling an attacker to affe...
CVE-2024-50827
CVE-2024-50827 affects Kashipara E-learning Management System Project 1.0. A SQL Injection vulnerability exists in /admin/add_subject.php via the subject_code parameter. The NVD entry lists a high impact (C/H/I/A) with a base score of 7.2 (3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Red Hat...
CVE-2024-50831
CVE-2024-50831 affects the Kashipara E-learning Management System Project 1.0. A SQL injection vulnerability exists in the admin interface at /admin/admin_user.php, exploitable via the username and password parameters. CVSS data from multiple sources indicate a high-severity impact with potential...
CVE-2024-50836
CVE-2024-50836 describes a Stored Cross-Site Scripting (XSS) flaw in Kashipara E-learning Management System Project 1.0, occurring at /admin/teachers.php. The issue enables remote attackers to inject and execute arbitrary scripts via the firstname and lastname parameters. The vulnerability is cha...
CVE-2024-50840
The CVE-2024-50840 entry describes a Stored XSS vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via /admin/class.php with the class_name parameter. The root cause is unsanitized input allowing script execution in the victim’s browser. Per the connected data, the i...
CVE-2024-54926
CVE-2024-54926: Kashipara E-learning Management System v1.0 has a SQL Injection in /search_class.php via the school_year parameter, enabling remote attackers to execute arbitrary SQL and access the database. The issue’s root cause is an unsafely handled input in the search_class.php endpoint, wit...
CVE-2024-50842
CVE-2024-50842 describes a stored XSS in Kashipara E-learning Management System Project 1.0, affecting the /admin/school_year.php endpoint. The vulnerability allows remote attackers to inject and execute arbitrary scripts through the school_year parameter, implying a stored XSS due to improper i...
CVE-2024-50826
Summary of CVE-2024-50826: The Red/Blue documents describe a SQL injection vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via the title and content parameters of /admin/add_content.php. The underlying issue is unvalidated input used to construct SQL queries, ena...
CVE-2024-50834
The CVE-2024-50834 issue affects KASHIPARA E-learning Management System Project 1.0. A SQL Injection vulnerability exists in /admin/teachers.php exploitable via the firstname and lastname parameters, as documented by multiple sources. Root cause: improper handling of user-supplied input in these ...
CVE-2024-50828
The CVE-2024-50828 entry describes a SQL injection in Kashipara E-learning Management System Project 1.0, exploitable via the d parameter of /admin/edit_department.php. Affected component: the web application’s edit_department functionality; root cause: improper handling of user input leading to ...
CVE-2024-50838
A Stored Cross-Site Scripting (XSS) vulnerability affects Kashipara E-learning Management System Project 1.0, located in /admin/department.php. The flaw allows remote attackers to inject and execute arbitrary scripts via the d and pi parameters. According to the connected documents, the issue is ...
CVE-2024-50835
CVE-2024-50835 is a SQL injection vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via /admin/edit_student.php using the cys, un, ln, fn, and id parameters. The NVD entry lists CVSSv3.1/7.2 HIGH (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H); a CNA entry shows a conflicting...