lopalopa e-learning_management_system CVE 漏洞(41)

CVE 数: 41 CPE versions: View versions table

摘要

本页列出影响 lopalopa e-learning_management_system 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。

显示 12041 CVE 数
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-54938 A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. [email protected] 7.5 0.56% 2024-12-09 2026-06-17
CVE-2024-54934 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. [email protected] 9.8 0.49% 2024-12-09 2026-06-17
CVE-2024-54932 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. [email protected] 9.8 0.49% 2024-12-09 2026-06-17
CVE-2024-54931 A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54928 kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, [email protected] 7.2 0.46% 2024-12-09 2026-06-17
CVE-2024-54927 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. [email protected] 7.2 0.46% 2024-12-09 2026-06-17
CVE-2024-54925 A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54924 A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54923 A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54921 A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54918 Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. [email protected] 9.8 0.90% 2024-12-09 2026-06-17
CVE-2024-54935 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. [email protected] 5.4 0.38% 2024-12-09 2026-06-17
CVE-2024-54933 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. [email protected] 7.2 0.47% 2024-12-09 2026-06-17
CVE-2024-54930 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. [email protected] 7.2 0.47% 2024-12-09 2026-06-17
CVE-2024-54922 A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. [email protected] 7.2 0.55% 2024-12-09 2026-06-17
CVE-2024-54926 A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. [email protected] 8.8 0.56% 2024-12-09 2026-06-17
CVE-2024-54920 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. [email protected] 9.8 0.57% 2024-12-09 2026-06-17
CVE-2024-54919 A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. [email protected] 5.4 0.30% 2024-12-09 2026-06-17
CVE-2024-54937 A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. [email protected] 5.3 0.45% 2024-12-09 2026-06-17
CVE-2024-54936 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. [email protected] 5.4 0.36% 2024-12-09 2026-06-17
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
cvelogic Threat Intelligence