17 matches found
CVE-2024-41248
Kashipara Responsive School Management System v3.2.0 contains an Incorrect Access Control issue in /smsa/add_subject.php and /smsa/add_subject_submit.php that allows remote unauthenticated users to add a new subject entry. The root cause is improper access control for these API endpoints, enablin...
CVE-2024-41239
The CVE-2024-41239 entry describes a Stored Cross-Site Scripting (XSS) in Kashipara/Responsive School Management System v3.2.0, specifically in /smsa/add_class_submit.php, where the class_name parameter can be exploited to execute arbitrary code. Connected sources (NVD, Red Hat, CVE lists) consis...
CVE-2024-41250
CVE-2024-41250 describes an Incorrect Access Control vulnerability in Kashipara Responsive School Management System v3.2.0. The weakness is in the /smsa/view_students.php endpoint, where remote, unauthenticated attackers can view STUDENT details due to access-control flaws. Reports from multiple ...
CVE-2024-41238
CVE-2024-41238 affects Kashipara Responsive School Management System v1.0, with a SQL injection vulnerability in the /smsa/student_login.php endpoint. The issue is exploitable via the username parameter, enabling arbitrary SQL commands (no user interaction required). Industry sources consistently...
CVE-2024-41236
CVE-2024-41236 affects Kashipara Responsive School Management System v3.2.0. The vulnerability resides in /smsa/admin_login.php, where the username parameter of the Admin Login Page is susceptible to SQL injection. This allows an attacker to execute arbitrary SQL commands on the backend. Impact d...
CVE-2024-41244
Concretely affected: Kashipara Responsive School Management System v3.2.0. The vulnerability is an Incorrect Access Control in the /smsa/view_class.php endpoint that allows remote unauthenticated attackers to view CLASS details. Root cause cited across sources is access-control failure enabling d...
CVE-2024-41237
CVE-2024-41237 concerns Kashipara Responsive School Management System v1.0, with a SQL injection in /smsa/teacher_login.php exploitable via the username parameter. The vulnerability allows arbitrary SQL execution, evidencing high impact on confidentiality, integrity, and availability (per CVSS 3....
CVE-2024-41245
CVE-2024-41245 is an Incorrect Access Control vulnerability affecting Kashipara Responsive School Management System v3.2.0. The flaw exists in the /smsa/view_teachers.php endpoint, enabling remote unauthenticated attackers to view TEACHER details. Descriptions across sources confirm the same issu...
CVE-2024-41251
CVE-2024-41251 affects Kashipara Responsive School Management System v3.2.0. The issue is an Incorrect Access Control in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php that allows remote unauthenticated attackers to view and approve teacher registra...
CVE-2024-41242
CVE-2024-41242 is a Reflected Cross Site Scripting (XSS) vulnerability in Kashipara Responsive School Management System v3.2.0, occurring in /smsa/student_login.php via the error parameter. The related Red Hat and CVE records corroborate that remote attackers can inject scripts, with impact descr...
CVE-2024-41243
CVE-2024-41243 : An Incorrect Access Control flaw exists in Kashipara Responsive School Management System v3.2.0, in the /smsa/view_marks.php endpoint. The vulnerability allows remote unauthenticated attackers to view MARKS details, exposing confidential student data. The public documents do not ...
CVE-2024-41246
CVE-2024-41246 affects Kashipara Responsive School Management System v3.2.0. An Incorrect Access Control flaw in /smsa/admin_dashboard.php allows remote unauthenticated attackers to view the administrator dashboard. This is corroborated across multiple sources (NVD, Red Hat, CVE listings). The do...
CVE-2024-41249
Kashipara Responsive School Management System v3.2.0 suffers an Incorrect Access Control flaw in /smsa/view_subject.php that allows remote unauthenticated attackers to view SUBJECT details. This is documented across multiple sources (CVE-2024-41249; Red Hat and NVD entries) with no explicit patch...
CVE-2024-41252
Kashipara Responsive School Management System v3.2.0 contains an Incorrect Access Control flaw affecting /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php. Remote, unauthenticated attackers can view and approve student registrations due to insufficient...
CVE-2024-41247
CVE-2024-41247 affects Kashipara Responsive School Management System v3.2.0. The vulnerability is an Incorrect Access Control in /smsa/add_class.php and /smsa/add_class_submit.php, allowing remote unauthenticated attackers to add a new class entry. Multiple sources confirm the endpoints and affec...
CVE-2024-41241
Summary of CVE-2024-41241 : A reflected XSS vulnerability in Kashipara Responsive School Management System v3.2.0 affects the endpoint /smsa/admin_login.php , exploitable via the error parameter to execute arbitrary code in affected deployments. Public risk details vary: NVD lists a CVSS‑3.1 base...
CVE-2024-41240
CVE-2024-41240 affects Kashipara Responsive School Management System v3.2.0. The Reflected XSS exists in /smsa/teacher_login.php via the error parameter, enabling remote attackers to execute arbitrary code. Documented CVSS metrics show median impact with low integrity/I, low confidentiality, and ...