jayesh 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk sql injection, and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-51567 | A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request. | [email protected] | 9.1 | 0.35% | 2026-01-12 | 2026-01-16 |
| CVE-2024-42773 | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. | [email protected] | 9.1 | 0.49% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42767 | Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | [email protected] | 7.2 | 0.58% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42776 | Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | [email protected] | 7.2 | 0.53% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42775 | An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | [email protected] | 9.1 | 0.48% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42774 | An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | [email protected] | 7.5 | 0.41% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42772 | An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | [email protected] | 7.5 | 0.48% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42768 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | [email protected] | 6.8 | 0.17% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42771 | A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. | [email protected] | 4.8 | 0.42% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42770 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. | [email protected] | 4.7 | 0.48% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42769 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. | [email protected] | 6.1 | 0.37% | 2024-08-22 | 2025-04-30 |
| CVE-2024-40480 | A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | [email protected] | 9.8 | 0.53% | 2024-08-12 | 2025-03-14 |
| CVE-2024-40479 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | [email protected] | 8.1 | 0.80% | 2024-08-12 | 2025-11-19 |
| CVE-2024-40478 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | [email protected] | 5.4 | 0.60% | 2024-08-12 | 2025-03-13 |
| CVE-2023-49272 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.37% | 2023-12-20 | 2025-12-05 |
| CVE-2023-49271 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.38% | 2023-12-20 | 2026-01-06 |
| CVE-2023-49270 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.38% | 2023-12-20 | 2026-01-06 |
| CVE-2023-49269 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.37% | 2023-12-20 | 2026-01-06 |