Filtered by vendor Lopalopa
Subscriptions
Total
56 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-54933 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | ||||
CVE-2024-54930 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | ||||
CVE-2024-54922 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | ||||
CVE-2024-54926 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 9.8 Critical |
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | ||||
CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.3 Medium |
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | ||||
CVE-2024-54935 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||||
CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 7.2 High |
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||||
CVE-2024-54920 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 9.8 Critical |
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | ||||
CVE-2024-54936 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||||
CVE-2024-54919 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | 5.4 Medium |
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | ||||
CVE-2024-0307 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-11-21 | 7.3 High |
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. | ||||
CVE-2024-0306 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-11-21 | 7.3 High |
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. | ||||
CVE-2024-50836 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | 6.1 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters. | ||||
CVE-2024-50826 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | ||||
CVE-2024-50825 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | ||||
CVE-2024-50824 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||||
CVE-2024-50823 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | ||||
CVE-2024-50835 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | ||||
CVE-2024-50834 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | ||||
CVE-2024-50833 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. |