Show filters
77 Total Results
Displaying 1-10 of 77
Sort by:
Attacker Value
Unknown

CVE-2024-54935

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-54933

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54930

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54922

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54926

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54920

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54919

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-54937

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54936

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-54929

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  Next >