Filtered by vendor Lopalopa
Subscriptions
Total
77 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5372 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 3.5 Low |
| A vulnerability classified as problematic was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file submit_extracurricular_activity.php. The manipulation of the argument activity_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266284. | ||||
| CVE-2024-54933 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | ||||
| CVE-2024-54930 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | ||||
| CVE-2024-54922 | 1 Lopalopa | 1 E-learning Management System | 2024-12-12 | 9.8 Critical |
| A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | ||||
| CVE-2024-54926 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 9.8 Critical |
| A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | ||||
| CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.3 Medium |
| A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | ||||
| CVE-2024-54935 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 7.2 High |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||||
| CVE-2024-54920 | 1 Lopalopa | 1 E-learning Management System | 2024-12-11 | 9.8 Critical |
| A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | ||||
| CVE-2024-54936 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | ||||
| CVE-2024-54919 | 1 Lopalopa | 1 E-learning Management System | 2024-12-10 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | ||||
| CVE-2024-0307 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-11-21 | 7.3 High |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0306 | 1 Lopalopa | 1 Dynamic Lab Management System | 2024-11-21 | 7.3 High |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. | ||||
| CVE-2024-50836 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters. | ||||
| CVE-2024-50826 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. | ||||
| CVE-2024-50825 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. | ||||
| CVE-2024-50824 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. | ||||
| CVE-2024-50823 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | ||||
| CVE-2024-50835 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. | ||||
| CVE-2024-50834 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2024-11-18 | 3.5 Low |
| A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. | ||||