E-learning Management System Security Vulnerabilities and Issues — E-learning Management System CVE List

Lucene search

LopalopaE-learning Management System

21 matches found

CVE•added 2024/12/09 3:15 p.m.•64 views

CVE-2024-54920

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.

9.8CVSS8.4AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•63 views

CVE-2024-54924

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•61 views

CVE-2024-54918

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

9.8CVSS7.8AI score0.02315EPSS

CVE•added 2024/12/09 7:15 p.m.•58 views

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•57 views

CVE-2024-54921

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 7:15 p.m.•57 views

CVE-2024-54925

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

9.8CVSS9.1AI score0.00298EPSS

CVE•added 2024/12/09 2:15 p.m.•57 views

CVE-2024-54937

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

5.3CVSS6.6AI score0.00098EPSS

CVE•added 2024/12/09 2:15 p.m.•54 views

CVE-2024-54929

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

7.2CVSS8AI score0.00095EPSS

CVE•added 2024/12/09 6:15 p.m.•52 views

CVE-2024-54922

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

9.8CVSS8.4AI score0.00282EPSS

CVE•added 2024/12/09 3:15 p.m.•51 views

CVE-2024-54919

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.

5.4CVSS7AI score0.00053EPSS

CVE•added 2024/12/09 7:15 p.m.•50 views

CVE-2024-54927

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.

7.2CVSS8.3AI score0.00095EPSS

CVE•added 2024/12/09 6:15 p.m.•50 views

CVE-2024-54933

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

9.8CVSS8.1AI score0.00095EPSS

CVE•added 2024/12/09 7:15 p.m.•49 views

CVE-2024-54938

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

7.5CVSS7.2AI score0.00124EPSS

CVE•added 2024/12/09 2:15 p.m.•48 views

CVE-2024-54936

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

5.4CVSS5.7AI score0.00107EPSS

CVE•added 2024/12/09 7:15 p.m.•47 views

CVE-2024-54931

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

9.8CVSS9.1AI score0.00219EPSS

CVE•added 2024/12/09 6:15 p.m.•47 views

CVE-2024-54935

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

5.4CVSS5.9AI score0.00107EPSS

CVE•added 2024/12/09 6:15 p.m.•45 views

CVE-2024-54930

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

9.8CVSS8.1AI score0.0007EPSS

CVE•added 2024/12/09 7:15 p.m.•45 views

CVE-2024-54934

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

9.8CVSS8.1AI score0.00101EPSS

CVE•added 2024/12/09 7:15 p.m.•43 views

CVE-2024-54928

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

7.2CVSS8.3AI score0.00092EPSS

CVE•added 2024/12/09 7:15 p.m.•41 views

CVE-2024-54932

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

9.8CVSS8.1AI score0.00074EPSS

CVE•added 2024/12/09 5:15 p.m.•40 views

CVE-2024-54926

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

9.8CVSS8.9AI score0.0029EPSS