Responsive School Management System
by Kashipara
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41237 | Cri | 0.64 | 9.8 | 0.01 | Aug 7, 2024 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | ||
| CVE-2024-41236 | Hig | 0.47 | 7.2 | 0.00 | Aug 28, 2024 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page | ||
| CVE-2024-41252 | Med | 0.42 | 6.5 | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve… | ||
| CVE-2024-41251 | Med | 0.42 | 6.5 | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve… | ||
| CVE-2024-46336 | Med | 0.40 | 6.1 | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. | ||
| CVE-2024-46334 | Med | 0.40 | 6.1 | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. | ||
| CVE-2024-41242 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||
| CVE-2024-41241 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. | ||
| CVE-2024-41240 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2024 | A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. | ||
| CVE-2024-41249 | Med | 0.35 | 5.3 | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. | ||
| CVE-2024-41238 | Med | 0.34 | 5.3 | 0.00 | Aug 8, 2024 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | ||
| CVE-2024-41250 | Med | 0.34 | 5.3 | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | ||
| CVE-2024-41245 | Med | 0.34 | 5.3 | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | ||
| CVE-2024-41244 | Med | 0.34 | 5.3 | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | ||
| CVE-2024-41243 | Med | 0.34 | 5.3 | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | ||
| CVE-2024-41248 | Med | 0.34 | 5.3 | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. | ||
| CVE-2024-41247 | Med | 0.34 | 5.3 | 0.00 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. | ||
| CVE-2024-41246 | Med | 0.34 | 5.3 | 0.01 | Aug 7, 2024 | An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. | ||
| CVE-2024-41239 | Med | 0.31 | 4.8 | 0.00 | Aug 7, 2024 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. |
- risk 0.64cvss 9.8epss 0.01
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
- risk 0.47cvss 7.2epss 0.00
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
- risk 0.42cvss 6.5epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve…
- risk 0.42cvss 6.5epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve…
- risk 0.40cvss 6.1epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
- risk 0.40cvss 6.1epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
- risk 0.35cvss 5.3epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
- risk 0.34cvss 5.3epss 0.00
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
- risk 0.34cvss 5.3epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.
- risk 0.34cvss 5.3epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
- risk 0.34cvss 5.3epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
- risk 0.34cvss 5.3epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
- risk 0.34cvss 5.3epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.
- risk 0.34cvss 5.3epss 0.00
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.
- risk 0.34cvss 5.3epss 0.01
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.
- risk 0.31cvss 4.8epss 0.00
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.