本ページは lopalopa e-learning_management_system に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-54938 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | [email protected] | 7.5 | 0.55% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54934 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | [email protected] | 9.8 | 0.49% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54932 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | [email protected] | 9.8 | 0.49% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54931 | A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54928 | kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | [email protected] | 7.2 | 0.46% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54927 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | [email protected] | 7.2 | 0.46% | 2024-12-09 | 2025-04-24 |
| CVE-2024-54925 | A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-04-14 |
| CVE-2024-54924 | A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-04-14 |
| CVE-2024-54923 | A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-04-14 |
| CVE-2024-54921 | A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-04-14 |
| CVE-2024-54918 | Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | [email protected] | 9.8 | 0.90% | 2024-12-09 | 2025-04-14 |
| CVE-2024-54935 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | [email protected] | 5.4 | 0.38% | 2024-12-09 | 2024-12-11 |
| CVE-2024-54933 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | [email protected] | 7.2 | 0.47% | 2024-12-09 | 2024-12-12 |
| CVE-2024-54930 | Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | [email protected] | 7.2 | 0.47% | 2024-12-09 | 2024-12-12 |
| CVE-2024-54922 | A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | [email protected] | 7.2 | 0.55% | 2024-12-09 | 2024-12-12 |
| CVE-2024-54926 | A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | [email protected] | 8.8 | 0.56% | 2024-12-09 | 2024-12-11 |
| CVE-2024-54920 | A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | [email protected] | 9.8 | 0.57% | 2024-12-09 | 2025-03-20 |
| CVE-2024-54919 | A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | [email protected] | 5.4 | 0.30% | 2024-12-09 | 2024-12-10 |
| CVE-2024-54937 | A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | [email protected] | 5.3 | 0.45% | 2024-12-09 | 2025-03-20 |
| CVE-2024-54936 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | [email protected] | 5.4 | 0.36% | 2024-12-09 | 2024-12-10 |