Responsive School Management System
by Kashipara
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41236 | 0.00 | — | 0.00 | Aug 28, 2024 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page | |||
| CVE-2024-41238 | 0.00 | — | 0.00 | Aug 8, 2024 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | |||
| CVE-2024-41250 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||
| CVE-2024-41239 | 0.00 | — | 0.00 | Aug 7, 2024 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. | |||
| CVE-2024-41242 | 0.00 | — | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | |||
| CVE-2024-41240 | 0.00 | — | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. | |||
| CVE-2024-41246 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. | |||
| CVE-2024-41241 | 0.00 | — | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | |||
| CVE-2024-41247 | 0.00 | — | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. | |||
| CVE-2024-41252 | 0.00 | — | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration. | |||
| CVE-2024-41243 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | |||
| CVE-2024-41245 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | |||
| CVE-2024-41251 | 0.00 | — | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||
| CVE-2024-41237 | 0.00 | — | 0.00 | Aug 7, 2024 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | |||
| CVE-2024-41244 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | |||
| CVE-2024-41249 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. | |||
| CVE-2024-41248 | 0.00 | — | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. |
- CVE-2024-41236Aug 28, 2024risk 0.00cvss —epss 0.00
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
- CVE-2024-41238Aug 8, 2024risk 0.00cvss —epss 0.00
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
- CVE-2024-41250Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.
- CVE-2024-41239Aug 7, 2024risk 0.00cvss —epss 0.00
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.
- CVE-2024-41242Aug 7, 2024risk 0.00cvss —epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
- CVE-2024-41240Aug 7, 2024risk 0.00cvss —epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
- CVE-2024-41246Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.
- CVE-2024-41241Aug 7, 2024risk 0.00cvss —epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
- CVE-2024-41247Aug 7, 2024risk 0.00cvss —epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.
- CVE-2024-41252Aug 7, 2024risk 0.00cvss —epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
- CVE-2024-41243Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
- CVE-2024-41245Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
- CVE-2024-41251Aug 7, 2024risk 0.00cvss —epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
- CVE-2024-41237Aug 7, 2024risk 0.00cvss —epss 0.00
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
- CVE-2024-41244Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
- CVE-2024-41249Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
- CVE-2024-41248Aug 7, 2024risk 0.00cvss —epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.