Filtered by vendor Kashipara Subscriptions
Total 132 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-50833 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50832 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
CVE-2024-50831 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50830 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
CVE-2024-50829 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
CVE-2024-50828 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
CVE-2024-50827 2 Kashipara, Lopalopa 2 E Learning Management System Project, E-learning Management System 2024-11-18 3.5 Low
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
CVE-2024-50838 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
CVE-2024-50841 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
CVE-2024-50839 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
CVE-2024-50840 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
CVE-2024-50837 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
CVE-2024-50842 1 Kashipara 1 E Learning Management System Project 2024-11-15 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
CVE-2024-42773 1 Kashipara 1 Hotel Management System 2024-11-06 9.1 Critical
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.
CVE-2024-41251 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-10-24 6.5 Medium
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
CVE-2024-41250 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-10-24 5.3 Medium
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.
CVE-2024-42797 1 Kashipara 1 Music Management System 2024-09-26 9.8 Critical
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVE-2024-42796 1 Kashipara 1 Music Management System 2024-09-20 5.9 Medium
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVE-2024-42794 1 Kashipara 1 Music Management System 2024-09-20 4.7 Medium
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
CVE-2024-42798 1 Kashipara 1 Music Management System 2024-09-20 7.6 High
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.