Filtered by vendor Lopalopa Subscriptions
Total 56 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54933 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
CVE-2024-54930 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
CVE-2024-54922 1 Lopalopa 1 E-learning Management System 2024-12-12 9.8 Critical
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVE-2024-54926 1 Lopalopa 1 E-learning Management System 2024-12-11 9.8 Critical
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
CVE-2024-54937 1 Lopalopa 1 E-learning Management System 2024-12-11 5.3 Medium
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
CVE-2024-54935 1 Lopalopa 1 E-learning Management System 2024-12-11 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVE-2024-54929 1 Lopalopa 1 E-learning Management System 2024-12-11 7.2 High
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
CVE-2024-54920 1 Lopalopa 1 E-learning Management System 2024-12-11 9.8 Critical
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVE-2024-54936 1 Lopalopa 1 E-learning Management System 2024-12-10 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVE-2024-54919 1 Lopalopa 1 E-learning Management System 2024-12-10 5.4 Medium
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
CVE-2024-0307 1 Lopalopa 1 Dynamic Lab Management System 2024-11-21 7.3 High
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.
CVE-2024-0306 1 Lopalopa 1 Dynamic Lab Management System 2024-11-21 7.3 High
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability.
CVE-2024-50836 1 Lopalopa 1 E-learning Management System 2024-11-18 6.1 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
CVE-2024-50826 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
CVE-2024-50825 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
CVE-2024-50824 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
CVE-2024-50823 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50835 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
CVE-2024-50834 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
CVE-2024-50833 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.