Filtered by vendor Lopalopa
Subscribe
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | |||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
| kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | |||||
| CVE-2024-54938 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.5 HIGH |
| A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | |||||
| CVE-2024-54934 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | |||||
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | |||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
| A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||||
| CVE-2024-54921 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | |||||
| CVE-2024-54923 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | |||||
| CVE-2024-54924 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | |||||
| CVE-2024-54925 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | |||||
| CVE-2024-54918 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | |||||
| CVE-2024-41246 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-27 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. | |||||
| CVE-2024-54937 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | N/A | 5.3 MEDIUM |
| A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | |||||
| CVE-2024-54920 | 1 Lopalopa | 1 E-learning Management System | 2025-03-20 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | |||||
| CVE-2024-41243 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-19 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | |||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | N/A | 7.2 HIGH |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | |||||
| CVE-2024-41250 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-14 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||||
| CVE-2024-41251 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-13 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||||
| CVE-2024-42778 | 1 Lopalopa | 1 Music Management System | 2025-03-13 | N/A | 8.8 HIGH |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-4807 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263927. | |||||