VYPR

Vendor CVEs

Kashipara

All CVEs

159 total · sorted by risk
  • CVE-2024-46334Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.

  • CVE-2024-46336Nov 17, 2025
    risk 0.00cvss epss 0.00

    kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.

  • CVE-2025-56697Sep 16, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php.

  • CVE-2025-5214May 26, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The…

  • CVE-2025-45321May 5, 2025
    risk 0.00cvss epss 0.00

    kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.

  • CVE-2025-45320May 5, 2025
    risk 0.00cvss epss 0.00

    A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.

  • CVE-2025-45322May 5, 2025
    risk 0.00cvss epss 0.00

    kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.

  • CVE-2025-26158Feb 14, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.

  • CVE-2024-54932Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

  • CVE-2024-54938Dec 9, 2024
    risk 0.00cvss epss 0.01

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

  • CVE-2024-54931Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

  • CVE-2024-54926Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

  • CVE-2024-54923Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

  • CVE-2024-54924Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

  • CVE-2024-54935Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

  • CVE-2024-54933Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

  • CVE-2024-54936Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

  • CVE-2024-54920Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.

  • CVE-2024-54925Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

  • CVE-2024-54929Dec 9, 2024
    risk 0.00cvss epss 0.00

    KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.

  • CVE-2024-54921Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.

  • CVE-2024-54930Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

  • CVE-2024-54934Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

  • CVE-2024-54919Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.

  • CVE-2024-54918Dec 9, 2024
    risk 0.00cvss epss 0.01

    Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

  • CVE-2024-54927Dec 9, 2024
    risk 0.00cvss epss 0.00

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.

  • CVE-2024-54922Dec 9, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

  • CVE-2024-54928Dec 9, 2024
    risk 0.00cvss epss 0.00

    kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

  • CVE-2024-54937Dec 9, 2024
    risk 0.00cvss epss 0.00

    A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

  • CVE-2024-50841Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.

  • CVE-2024-50834Nov 14, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.

  • CVE-2024-50839Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.

  • CVE-2024-50838Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.

  • CVE-2024-50825Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.

  • CVE-2024-50832Nov 14, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

  • CVE-2024-50829Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.

  • CVE-2024-50823Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

  • CVE-2024-50840Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.

  • CVE-2024-50842Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.

  • CVE-2024-50835Nov 14, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.

  • CVE-2024-50827Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.

  • CVE-2024-50831Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

  • CVE-2024-50830Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.

  • CVE-2024-50833Nov 14, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.

  • CVE-2024-50837Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.

  • CVE-2024-50826Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.

  • CVE-2024-50824Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

  • CVE-2024-50836Nov 14, 2024
    risk 0.00cvss epss 0.01

    A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.

  • CVE-2024-50828Nov 14, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.

  • CVE-2024-42797Sep 24, 2024
    risk 0.00cvss epss 0.01

    An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.

Page 1 of 4