Filtered by vendor Kashipara
Subscriptions
Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42764 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 9.4 Critical |
| Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. | ||||
| CVE-2024-42761 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 6.1 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. | ||||
| CVE-2024-42765 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 9.8 Critical |
| A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters. | ||||
| CVE-2024-42762 | 1 Kashipara | 1 Bus Ticket Reservation System | 2024-08-23 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. | ||||
| CVE-2024-42782 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 7.6 High |
| A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | ||||
| CVE-2024-42781 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
| A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. | ||||
| CVE-2024-42780 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42777 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 9.8 Critical |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-42779 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2024-08-23 | 8.8 High |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-40487 | 1 Kashipara | 1 Live Membership System | 2024-08-23 | 7.6 High |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | ||||
| CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2024-08-21 | 9.8 Critical |
| A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
| CVE-2024-0492 | 1 Kashipara | 1 Billing Software | 2024-08-15 | 6.3 Medium |
| A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability. | ||||
| CVE-2024-0495 | 1 Kashipara | 1 Billing Software | 2024-08-13 | 6.3 Medium |
| A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600. | ||||
| CVE-2024-41240 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-13 | 6.3 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter. | ||||
| CVE-2024-40488 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. | ||||
| CVE-2024-40486 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
| A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. | ||||
| CVE-2024-40482 | 1 Kashipara | 1 Live Membership System | 2024-08-13 | 9.8 Critical |
| An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-40479 | 1 Kashipara | 1 Online Exam System | 2024-08-13 | 8.1 High |
| A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | ||||
| CVE-2024-41238 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-12 | 4.3 Medium |
| A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | ||||
| CVE-2024-41237 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-08 | 9.8 Critical |
| A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | ||||