E-learning Management System Project
by Kashipara
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50830 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. | ||
| CVE-2024-50829 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. | ||
| CVE-2024-50828 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. | ||
| CVE-2024-50827 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. | ||
| CVE-2024-50826 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | ||
| CVE-2024-50825 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | ||
| CVE-2024-50824 | Hig | 0.47 | 7.2 | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||
| CVE-2024-50835 | Hig | 0.47 | 7.2 | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | ||
| CVE-2024-50834 | Hig | 0.47 | 7.2 | 0.01 | Nov 14, 2024 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | ||
| CVE-2024-50832 | Hig | 0.47 | 7.2 | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||
| CVE-2024-54935 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||
| CVE-2024-54919 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2024 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | ||
| CVE-2024-54936 | Med | 0.35 | 5.4 | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||
| CVE-2024-50838 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. | ||
| CVE-2024-50837 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | ||
| CVE-2024-50842 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. | ||
| CVE-2024-50841 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters. | ||
| CVE-2024-50840 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. | ||
| CVE-2024-50839 | Med | 0.35 | 5.4 | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters. | ||
| CVE-2024-54937 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. |
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
- risk 0.47cvss 7.2epss 0.00
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
- risk 0.47cvss 7.2epss 0.01
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
- risk 0.47cvss 7.2epss 0.01
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
- risk 0.47cvss 7.2epss 0.01
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
- risk 0.35cvss 5.4epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
- risk 0.34cvss 5.3epss 0.00
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
Page 2 of 3