Learning Management System
by WordPress
Source repositories
CVEs (39)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54932 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | |||
| CVE-2024-54937 | 0.00 | — | 0.00 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | |||
| CVE-2024-54928 | 0.00 | — | 0.00 | Dec 9, 2024 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | |||
| CVE-2024-54930 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | |||
| CVE-2024-54924 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | |||
| CVE-2024-54929 | 0.00 | — | 0.00 | Dec 9, 2024 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | |||
| CVE-2024-54938 | 0.00 | — | 0.01 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | |||
| CVE-2024-54920 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | |||
| CVE-2024-54918 | 0.00 | — | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | |||
| CVE-2024-54936 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | |||
| CVE-2024-54927 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | |||
| CVE-2024-54923 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | |||
| CVE-2024-54922 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | |||
| CVE-2024-54925 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||
| CVE-2024-54919 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | |||
| CVE-2024-50842 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. | |||
| CVE-2024-50840 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. | |||
| CVE-2024-50837 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | |||
| CVE-2021-25200 | 0.00 | — | 0.02 | Jul 28, 2021 | Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. |
- CVE-2024-54932Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
- CVE-2024-54937Dec 9, 2024risk 0.00cvss —epss 0.00
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
- CVE-2024-54928Dec 9, 2024risk 0.00cvss —epss 0.00
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
- CVE-2024-54930Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
- CVE-2024-54924Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
- CVE-2024-54929Dec 9, 2024risk 0.00cvss —epss 0.00
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
- CVE-2024-54938Dec 9, 2024risk 0.00cvss —epss 0.01
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
- CVE-2024-54920Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
- CVE-2024-54918Dec 9, 2024risk 0.00cvss —epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
- CVE-2024-54936Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- CVE-2024-54927Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
- CVE-2024-54923Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
- CVE-2024-54922Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
- CVE-2024-54925Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
- CVE-2024-54919Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
- CVE-2024-50842Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
- CVE-2024-50840Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
- CVE-2024-50837Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
- CVE-2021-25200Jul 28, 2021risk 0.00cvss —epss 0.02
Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php.
Page 2 of 2