Filtered by vendor Lopalopa
Subscriptions
Filtered by product E-learning Management System
Subscriptions
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50839 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters. | ||||
| CVE-2024-50840 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. | ||||
| CVE-2024-50841 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters. | ||||
| CVE-2024-50842 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. | ||||
| CVE-2024-50837 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters. | ||||
| CVE-2024-50838 | 2 Kashipara, Lopalopa | 2 E Learning Management System Project, E-learning Management System | 2025-05-06 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. | ||||
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | ||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | ||||
| CVE-2024-54938 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.5 High |
| A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | ||||
| CVE-2024-54934 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | ||||
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | ||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 9.8 Critical |
| A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
| CVE-2024-54921 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | ||||
| CVE-2024-54923 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | ||||
| CVE-2024-54924 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | ||||
| CVE-2024-54925 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
| CVE-2024-54918 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | ||||
| CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | 5.3 Medium |
| A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | ||||
| CVE-2024-54920 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | 9.8 Critical |
| A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | ||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | 7.2 High |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | ||||