E-learning Management System Project
by Kashipara
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54934 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | ||
| CVE-2024-54932 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | ||
| CVE-2024-54931 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||
| CVE-2024-54925 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||
| CVE-2024-54924 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | ||
| CVE-2024-54923 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | ||
| CVE-2024-54921 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | ||
| CVE-2024-54918 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | ||
| CVE-2024-54920 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | ||
| CVE-2024-50823 | Cri | 0.64 | 9.8 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | ||
| CVE-2024-50833 | Cri | 0.64 | 9.8 | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | ||
| CVE-2024-54926 | Hig | 0.57 | 8.8 | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | ||
| CVE-2024-54938 | Hig | 0.49 | 7.5 | 0.01 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | ||
| CVE-2024-54928 | Hig | 0.47 | 7.2 | 0.00 | Dec 9, 2024 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | ||
| CVE-2024-54927 | Hig | 0.47 | 7.2 | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | ||
| CVE-2024-54933 | Hig | 0.47 | 7.2 | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | ||
| CVE-2024-54930 | Hig | 0.47 | 7.2 | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | ||
| CVE-2024-54922 | Hig | 0.47 | 7.2 | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | ||
| CVE-2024-54929 | Hig | 0.47 | 7.2 | 0.00 | Dec 9, 2024 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||
| CVE-2024-50831 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. |
- risk 0.64cvss 9.8epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
- risk 0.64cvss 9.8epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
- risk 0.64cvss 9.8epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
- risk 0.64cvss 9.8epss 0.00
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
- risk 0.64cvss 9.8epss 0.01
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
- risk 0.57cvss 8.8epss 0.01
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
- risk 0.49cvss 7.5epss 0.01
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
- risk 0.47cvss 7.2epss 0.00
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
- risk 0.47cvss 7.2epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
- risk 0.47cvss 7.2epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
- risk 0.47cvss 7.2epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
- risk 0.47cvss 7.2epss 0.01
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
- risk 0.47cvss 7.2epss 0.00
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
Page 1 of 3