Product:

Responsive_school_management_system

(Lopalopa)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2024-08-07 CVE-2024-41251 An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. Responsive_school_management_system 6.5
2024-08-07 CVE-2024-41250 An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. Responsive_school_management_system 5.3
2024-08-07 CVE-2024-41241 A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. Responsive_school_management_system 6.1
2024-08-28 CVE-2024-41236 A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page Responsive_school_management_system 7.2
2024-08-07 CVE-2024-41240 A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. Responsive_school_management_system 6.1
2024-08-08 CVE-2024-41238 A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. Responsive_school_management_system 5.3
2024-08-07 CVE-2024-41237 A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. Responsive_school_management_system 9.8