Filtered by vendor Kashipara Subscriptions
Total 132 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42768 1 Kashipara 1 Hotel Management 2024-08-23 6.8 Medium
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.
CVE-2024-42769 1 Kashipara 1 Hotel Management System 2024-08-23 6.1 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.
CVE-2024-42765 1 Kashipara 1 Bus Ticket Reservation System 2024-08-23 9.8 Critical
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
CVE-2024-42775 1 Kashipara 1 Hotel Management System 2024-08-23 9.1 Critical
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.
CVE-2024-42776 1 Kashipara 1 Hotel Management System 2024-08-23 7.2 High
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVE-2024-42774 1 Kashipara 1 Hotel Management System 2024-08-23 7.5 High
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.
CVE-2024-42772 1 Kashipara 1 Hotel Management System 2024-08-23 7.5 High
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.
CVE-2024-42771 1 Kashipara 1 Hotel Management System 2024-08-23 4.8 Medium
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.
CVE-2024-42764 1 Kashipara 1 Bus Ticket Reservation System 2024-08-23 9.4 Critical
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
CVE-2024-42782 2 Kashipara, Lopalopa 2 Music Management System, Music Management System 2024-08-23 7.6 High
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.
CVE-2024-42781 2 Kashipara, Lopalopa 2 Music Management System, Music Management System 2024-08-23 9.8 Critical
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.
CVE-2024-42780 2 Kashipara, Lopalopa 2 Music Management System, Music Management System 2024-08-23 8.8 High
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42777 2 Kashipara, Lopalopa 2 Music Management System, Music Management System 2024-08-23 9.8 Critical
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42779 2 Kashipara, Lopalopa 2 Music Management System, Music Management System 2024-08-23 8.8 High
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-40487 1 Kashipara 1 Live Membership System 2024-08-23 7.6 High
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter.
CVE-2024-40480 2 Jayesh, Kashipara 2 Online Exam System, Online Exam System 2024-08-22 9.8 Critical
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
CVE-2024-41240 2 Kashipara, Lopalopa 2 Responsive School Management System, Responsive School Management System 2024-08-13 6.3 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVE-2024-40488 1 Kashipara 1 Live Membership System 2024-08-13 8.8 High
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.
CVE-2024-40486 1 Kashipara 1 Live Membership System 2024-08-13 9.8 Critical
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.
CVE-2024-40482 1 Kashipara 1 Live Membership System 2024-08-13 9.8 Critical
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.