Shodan
Vulnerabilities
Vulnerable Software
Lopalopa:  Security Vulnerabilities
CVE-2024-40487
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter.
CVSS Score
7.6
EPSS Score
0.016
Published
2024-08-12
CVE-2024-40488
A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-08-12
CVE-2024-41238
A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-08-08
CVE-2024-41237
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-08-07
CVE-2024-41239
A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-08-07
CVE-2024-41240
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-07
CVE-2024-41241
A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-07
CVE-2024-41242
A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-07
CVE-2024-41243
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-08-07
CVE-2024-41244
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved