Lopalopa

E-learning Management System

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-54918

Exploit
  • EPSS 3.88%
  • Veröffentlicht 09.12.2024 19:15:15
  • Zuletzt bearbeitet 14.04.2025 15:14:03

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.

5.4

CVE-2024-54935

Exploit
  • EPSS 0.25%
  • Veröffentlicht 09.12.2024 18:15:24
  • Zuletzt bearbeitet 11.12.2024 16:51:17

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

7.2

CVE-2024-54933

Exploit
  • EPSS 0.13%
  • Veröffentlicht 09.12.2024 18:15:24
  • Zuletzt bearbeitet 12.12.2024 18:15:26

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.

7.2

CVE-2024-54930

Exploit
  • EPSS 0.09%
  • Veröffentlicht 09.12.2024 18:15:24
  • Zuletzt bearbeitet 12.12.2024 18:15:26

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.

7.2

CVE-2024-54922

Exploit
  • EPSS 0.72%
  • Veröffentlicht 09.12.2024 18:15:24
  • Zuletzt bearbeitet 12.12.2024 18:15:26

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...

8.8

CVE-2024-54926

Exploit
  • EPSS 1.09%
  • Veröffentlicht 09.12.2024 17:15:09
  • Zuletzt bearbeitet 11.12.2024 17:24:11

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.

9.8

CVE-2024-54920

Exploit
  • EPSS 1.48%
  • Veröffentlicht 09.12.2024 15:15:21
  • Zuletzt bearbeitet 20.03.2025 21:15:22

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_i...

5.4

CVE-2024-54919

Exploit
  • EPSS 0.14%
  • Veröffentlicht 09.12.2024 15:15:21
  • Zuletzt bearbeitet 10.12.2024 18:15:42

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.

5.3

CVE-2024-54937

Exploit
  • EPSS 0.29%
  • Veröffentlicht 09.12.2024 14:15:13
  • Zuletzt bearbeitet 20.03.2025 21:15:22

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

5.4

CVE-2024-54936

Exploit
  • EPSS 0.26%
  • Veröffentlicht 09.12.2024 14:15:13
  • Zuletzt bearbeitet 10.12.2024 18:15:43

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.