VYPR
Vendor

Kashipara

Products
11
CVEs
159
Across products
159
Status
Private

Products

11

Recent CVEs

159
View all 159 CVEs →
  • CVE-2024-46334Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.

  • CVE-2024-46336Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.

  • CVE-2025-56697Sep 16, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php.

  • CVE-2025-5214May 26, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The…

  • CVE-2025-45320May 5, 2025
    risk 0.00cvss epss 0.00

    A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.

  • CVE-2025-45321May 5, 2025
    risk 0.00cvss epss 0.00

    kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.

  • CVE-2025-45322May 5, 2025
    risk 0.00cvss epss 0.00

    kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.

  • CVE-2025-26158Feb 14, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.

  • CVE-2024-54922Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

  • CVE-2024-54928Dec 9, 2024
    risk 0.00cvss epss 0.00

    kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

  • CVE-2024-54918Dec 9, 2024
    risk 0.00cvss epss 0.01

    Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

  • CVE-2024-54933Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

  • CVE-2024-54923Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

  • CVE-2024-54938Dec 9, 2024
    risk 0.00cvss epss 0.01

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

  • CVE-2024-54920Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.

  • CVE-2024-54936Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

  • CVE-2024-54921Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

  • CVE-2024-54932Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

  • CVE-2024-54926Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

  • CVE-2024-54927Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.