VYPR

College Management System

by Kashipara

CVEs (77)

  • CVE-2024-46334Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.

  • CVE-2024-46336Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.

  • CVE-2024-42797Sep 24, 2024
    risk 0.00cvss epss 0.01

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.

  • CVE-2024-42794Sep 16, 2024
    risk 0.00cvss epss 0.00

    Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.

  • CVE-2024-42798Sep 16, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

  • CVE-2024-42795Sep 16, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.

  • CVE-2024-42796Sep 16, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.

  • CVE-2024-42793Aug 28, 2024
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.

  • CVE-2024-42790Aug 26, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.

  • CVE-2024-42791Aug 26, 2024
    risk 0.00cvss epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.

  • CVE-2024-42788Aug 26, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.

  • CVE-2024-42789Aug 26, 2024
    risk 0.00cvss epss 0.01

    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.

  • CVE-2024-42792Aug 26, 2024
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.

  • CVE-2024-42787Aug 26, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.

  • CVE-2024-42768Aug 22, 2024
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.

  • CVE-2024-42773Aug 22, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.

  • CVE-2024-42774Aug 22, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.

  • CVE-2024-42771Aug 22, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.

  • CVE-2024-42776Aug 22, 2024
    risk 0.00cvss epss 0.01

    Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.

  • CVE-2024-42772Aug 22, 2024
    risk 0.00cvss epss 0.00

    An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.

Page 1 of 4