Lopalopa

E-learning Management System

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-54938

Exploit
  • EPSS 0.15%
  • Veröffentlicht 09.12.2024 19:15:17
  • Zuletzt bearbeitet 24.04.2025 15:27:01

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.

9.8

CVE-2024-54934

Exploit
  • EPSS 0.12%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 24.04.2025 15:16:18

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.

9.8

CVE-2024-54932

Exploit
  • EPSS 0.12%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 24.04.2025 15:15:48

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.

9.8

CVE-2024-54931

Exploit
  • EPSS 0.78%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 24.04.2025 15:12:18

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

7.2

CVE-2024-54928

Exploit
  • EPSS 0.08%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 24.04.2025 16:51:52

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,

7.2

CVE-2024-54927

Exploit
  • EPSS 0.08%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 24.04.2025 16:55:04

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.

9.8

CVE-2024-54925

Exploit
  • EPSS 0.78%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 14.04.2025 15:14:31

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.

9.8

CVE-2024-54924

Exploit
  • EPSS 0.78%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 14.04.2025 15:15:25

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

9.8

CVE-2024-54923

Exploit
  • EPSS 0.78%
  • Veröffentlicht 09.12.2024 19:15:16
  • Zuletzt bearbeitet 14.04.2025 15:15:34

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.

9.8

CVE-2024-54921

Exploit
  • EPSS 0.4%
  • Veröffentlicht 09.12.2024 19:15:15
  • Zuletzt bearbeitet 14.04.2025 15:15:41

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id p...