Filtered by vendor Kashipara
Subscriptions
Total
132 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42768 | 1 Kashipara | 1 Hotel Management | 2024-08-23 | 6.8 Medium |
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | ||||
CVE-2024-42769 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 6.1 Medium |
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. | ||||
CVE-2024-42765 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 9.8 Critical |
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters. | ||||
CVE-2024-42775 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 9.1 Critical |
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
CVE-2024-42776 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
CVE-2024-42774 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
CVE-2024-42772 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
CVE-2024-42771 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 4.8 Medium |
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. | ||||
CVE-2024-42764 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 9.4 Critical |
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. | ||||
CVE-2024-42782 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 7.6 High |
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | ||||
CVE-2024-42781 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. | ||||
CVE-2024-42780 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-42777 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-42779 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-40487 | 1 Kashipara | 1 Live Membership System | 2024-08-23 | 7.6 High |
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | ||||
CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2024-08-22 | 9.8 Critical |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
CVE-2024-41240 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-13 | 6.3 Medium |
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. | ||||
CVE-2024-40488 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 8.8 High |
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | ||||
CVE-2024-40486 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | ||||
CVE-2024-40482 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. |