Shodan
Vulnerabilities
Vulnerable Software
Lopalopa:  Security Vulnerabilities
CVE-2024-54931
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-09
CVE-2024-54932
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-12-09
CVE-2024-54934
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-12-09
CVE-2024-54918
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
CVSS Score
9.8
EPSS Score
0.027
Published
2024-12-09
CVE-2024-54921
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-12-09
CVE-2024-54922
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-12-09
CVE-2024-54930
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-12-09
CVE-2024-54933
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-12-09
CVE-2024-54935
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-09
CVE-2024-54926
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved