Filtered by vendor Kashipara Subscriptions
Total 132 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-49688 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49681 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49677 1 Kashipara 1 Job Portal 2024-11-21 9.8 Critical
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49666 1 Kashipara 1 Billing System 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49665 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49658 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49639 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49633 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49625 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49624 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49622 1 Kashipara 1 Billing Software 2024-11-21 9.8 Critical
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-49272 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2023-49271 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2023-49270 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2024-50826 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
CVE-2024-50825 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
CVE-2024-50824 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
CVE-2024-50823 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50835 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
CVE-2024-50834 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.