Note:
This project will be discontinued after December 13, 2021. [more]
Product:
E\-Learning_management_system
(Lopalopa)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-12-09 | CVE-2024-54926 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | E\-Learning_management_system | 8.8 | ||
| 2024-12-09 | CVE-2024-54935 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | E\-Learning_management_system | 5.4 | ||
| 2024-12-09 | CVE-2024-54929 | KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | E\-Learning_management_system | 7.2 | ||
| 2024-12-09 | CVE-2024-54936 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | E\-Learning_management_system | 5.4 | ||
| 2024-12-09 | CVE-2024-54919 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | E\-Learning_management_system | 5.4 | ||
| 2024-12-09 | CVE-2024-54920 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | E\-Learning_management_system | 9.8 | ||
| 2024-11-14 | CVE-2024-50832 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | E\-Learning_management_system | 7.2 | ||
| 2024-11-14 | CVE-2024-50833 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | E\-Learning_management_system | 9.8 | ||
| 2024-11-14 | CVE-2024-50834 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | E\-Learning_management_system | 7.2 | ||
| 2024-11-14 | CVE-2024-50835 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | E\-Learning_management_system | 7.2 |