Kashipara
Products
11- 77 CVEs
- 42 CVEs
- 17 CVEs
- 7 CVEs
- 6 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
159| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-46334 | 0.00 | — | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. | |||
| CVE-2024-46336 | 0.00 | — | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. | |||
| CVE-2025-56697 | 0.00 | — | 0.00 | Sep 16, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php. | |||
| CVE-2025-5214 | 0.00 | — | 0.00 | May 26, 2025 | A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The… | |||
| CVE-2025-45320 | 0.00 | — | 0.00 | May 5, 2025 | A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | |||
| CVE-2025-45321 | 0.00 | — | 0.00 | May 5, 2025 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword. | |||
| CVE-2025-45322 | 0.00 | — | 0.00 | May 5, 2025 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter. | |||
| CVE-2025-26158 | 0.00 | — | 0.00 | Feb 14, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter. | |||
| CVE-2024-54922 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | |||
| CVE-2024-54928 | 0.00 | — | 0.00 | Dec 9, 2024 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | |||
| CVE-2024-54918 | 0.00 | — | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | |||
| CVE-2024-54933 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | |||
| CVE-2024-54923 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | |||
| CVE-2024-54938 | 0.00 | — | 0.01 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | |||
| CVE-2024-54920 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | |||
| CVE-2024-54936 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | |||
| CVE-2024-54921 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | |||
| CVE-2024-54932 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | |||
| CVE-2024-54926 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | |||
| CVE-2024-54927 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. |
- CVE-2024-46334Nov 17, 2025risk 0.00cvss —epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.
- CVE-2024-46336Nov 17, 2025risk 0.00cvss —epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
- CVE-2025-56697Sep 16, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php.
- CVE-2025-5214May 26, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The…
- CVE-2025-45320May 5, 2025risk 0.00cvss —epss 0.00
A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
- CVE-2025-45321May 5, 2025risk 0.00cvss —epss 0.00
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
- CVE-2025-45322May 5, 2025risk 0.00cvss —epss 0.00
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
- CVE-2025-26158Feb 14, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.
- CVE-2024-54922Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
- CVE-2024-54928Dec 9, 2024risk 0.00cvss —epss 0.00
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
- CVE-2024-54918Dec 9, 2024risk 0.00cvss —epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
- CVE-2024-54933Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
- CVE-2024-54923Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
- CVE-2024-54938Dec 9, 2024risk 0.00cvss —epss 0.01
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
- CVE-2024-54920Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
- CVE-2024-54936Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- CVE-2024-54921Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
- CVE-2024-54932Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
- CVE-2024-54926Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
- CVE-2024-54927Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.