Product:

E\-Learning_management_system

(Lopalopa)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 24
Date Id Summary Products Score Patch Annotated
2024-12-09 CVE-2024-54922 A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. E\-Learning_management_system 7.2
2024-12-09 CVE-2024-54930 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. E\-Learning_management_system 7.2
2024-12-09 CVE-2024-54933 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. E\-Learning_management_system 7.2
2024-12-09 CVE-2024-54937 A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. E\-Learning_management_system 5.3
2024-12-09 CVE-2024-54926 A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. E\-Learning_management_system 8.8
2024-12-09 CVE-2024-54935 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. E\-Learning_management_system 5.4
2024-12-09 CVE-2024-54929 KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. E\-Learning_management_system 7.2
2024-12-09 CVE-2024-54936 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. E\-Learning_management_system 5.4
2024-12-09 CVE-2024-54919 A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. E\-Learning_management_system 5.4
2024-12-09 CVE-2024-54920 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. E\-Learning_management_system 9.8