Vendor CVEs
Kashipara
All CVEs
159 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-46334 | 0.00 | — | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php. | |||
| CVE-2024-46336 | 0.00 | — | 0.00 | Nov 17, 2025 | kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. | |||
| CVE-2025-56697 | 0.00 | — | 0.00 | Sep 16, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php. | |||
| CVE-2025-5214 | 0.00 | — | 0.00 | May 26, 2025 | A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The… | |||
| CVE-2025-45321 | 0.00 | — | 0.00 | May 5, 2025 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword. | |||
| CVE-2025-45320 | 0.00 | — | 0.00 | May 5, 2025 | A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | |||
| CVE-2025-45322 | 0.00 | — | 0.00 | May 5, 2025 | kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter. | |||
| CVE-2025-26158 | 0.00 | — | 0.00 | Feb 14, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter. | |||
| CVE-2024-54932 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | |||
| CVE-2024-54938 | 0.00 | — | 0.01 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | |||
| CVE-2024-54931 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||
| CVE-2024-54926 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | |||
| CVE-2024-54923 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | |||
| CVE-2024-54924 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | |||
| CVE-2024-54935 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | |||
| CVE-2024-54933 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | |||
| CVE-2024-54936 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | |||
| CVE-2024-54920 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | |||
| CVE-2024-54925 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||
| CVE-2024-54929 | 0.00 | — | 0.00 | Dec 9, 2024 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | |||
| CVE-2024-54921 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | |||
| CVE-2024-54930 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | |||
| CVE-2024-54934 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | |||
| CVE-2024-54919 | 0.00 | — | 0.00 | Dec 9, 2024 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | |||
| CVE-2024-54918 | 0.00 | — | 0.01 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | |||
| CVE-2024-54927 | 0.00 | — | 0.00 | Dec 9, 2024 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | |||
| CVE-2024-54922 | 0.00 | — | 0.01 | Dec 9, 2024 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | |||
| CVE-2024-54928 | 0.00 | — | 0.00 | Dec 9, 2024 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | |||
| CVE-2024-54937 | 0.00 | — | 0.00 | Dec 9, 2024 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | |||
| CVE-2024-50841 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters. | |||
| CVE-2024-50834 | 0.00 | — | 0.01 | Nov 14, 2024 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | |||
| CVE-2024-50839 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters. | |||
| CVE-2024-50838 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. | |||
| CVE-2024-50825 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | |||
| CVE-2024-50832 | 0.00 | — | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | |||
| CVE-2024-50829 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. | |||
| CVE-2024-50823 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | |||
| CVE-2024-50840 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. | |||
| CVE-2024-50842 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. | |||
| CVE-2024-50835 | 0.00 | — | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | |||
| CVE-2024-50827 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. | |||
| CVE-2024-50831 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | |||
| CVE-2024-50830 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. | |||
| CVE-2024-50833 | 0.00 | — | 0.01 | Nov 14, 2024 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | |||
| CVE-2024-50837 | 0.00 | — | 0.00 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | |||
| CVE-2024-50826 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | |||
| CVE-2024-50824 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | |||
| CVE-2024-50836 | 0.00 | — | 0.01 | Nov 14, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters. | |||
| CVE-2024-50828 | 0.00 | — | 0.00 | Nov 14, 2024 | A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. | |||
| CVE-2024-42797 | 0.00 | — | 0.01 | Sep 24, 2024 | An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. |
- CVE-2024-46334Nov 17, 2025risk 0.00cvss —epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.
- CVE-2024-46336Nov 17, 2025risk 0.00cvss —epss 0.00
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
- CVE-2025-56697Sep 16, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php.
- CVE-2025-5214May 26, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The…
- CVE-2025-45321May 5, 2025risk 0.00cvss —epss 0.00
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
- CVE-2025-45320May 5, 2025risk 0.00cvss —epss 0.00
A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
- CVE-2025-45322May 5, 2025risk 0.00cvss —epss 0.00
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
- CVE-2025-26158Feb 14, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.
- CVE-2024-54932Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
- CVE-2024-54938Dec 9, 2024risk 0.00cvss —epss 0.01
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
- CVE-2024-54931Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
- CVE-2024-54926Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
- CVE-2024-54923Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
- CVE-2024-54924Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
- CVE-2024-54935Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- CVE-2024-54933Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
- CVE-2024-54936Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
- CVE-2024-54920Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
- CVE-2024-54925Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
- CVE-2024-54929Dec 9, 2024risk 0.00cvss —epss 0.00
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
- CVE-2024-54921Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
- CVE-2024-54930Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
- CVE-2024-54934Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
- CVE-2024-54919Dec 9, 2024risk 0.00cvss —epss 0.00
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
- CVE-2024-54918Dec 9, 2024risk 0.00cvss —epss 0.01
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
- CVE-2024-54927Dec 9, 2024risk 0.00cvss —epss 0.00
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
- CVE-2024-54922Dec 9, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
- CVE-2024-54928Dec 9, 2024risk 0.00cvss —epss 0.00
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
- CVE-2024-54937Dec 9, 2024risk 0.00cvss —epss 0.00
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
- CVE-2024-50841Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
- CVE-2024-50834Nov 14, 2024risk 0.00cvss —epss 0.01
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
- CVE-2024-50839Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
- CVE-2024-50838Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
- CVE-2024-50825Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
- CVE-2024-50832Nov 14, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
- CVE-2024-50829Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
- CVE-2024-50823Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
- CVE-2024-50840Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
- CVE-2024-50842Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
- CVE-2024-50835Nov 14, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
- CVE-2024-50827Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
- CVE-2024-50831Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
- CVE-2024-50830Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
- CVE-2024-50833Nov 14, 2024risk 0.00cvss —epss 0.01
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
- CVE-2024-50837Nov 14, 2024risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
- CVE-2024-50826Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
- CVE-2024-50824Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
- CVE-2024-50836Nov 14, 2024risk 0.00cvss —epss 0.01
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
- CVE-2024-50828Nov 14, 2024risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
- CVE-2024-42797Sep 24, 2024risk 0.00cvss —epss 0.01
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
Page 1 of 4