Lopalopa: >> E-Learning Management System Security Vulnerabilities
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-09
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-12-09
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-12-09
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-12-09
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-09
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-12-09
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-09
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-09
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-09
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-12-09