|
303461
|
9.8 |
CRITICAL
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
|
CWE-89
SQL Injection
|
CVE-2024-50833
|
2024-11-19 01:38 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303462
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
|
CWE-89
SQL Injection
|
CVE-2024-50831
|
2024-11-19 01:37 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303463
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
|
CWE-89
SQL Injection
|
CVE-2024-50830
|
2024-11-19 01:37 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303464
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50829
|
2024-11-19 01:37 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303465
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50832
|
2024-11-19 01:37 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303466
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50828
|
2024-11-19 01:36 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303467
|
7.2 |
HIGH
Network
|
lopalopa
|
e-learning_management_system
|
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
|
CWE-89
SQL Injection
|
CVE-2024-50827
|
2024-11-19 01:36 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303468
|
- |
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know…
|
CWE-22
Path Traversal
|
CVE-2024-42499
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303469
|
- |
|
-
|
-
|
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Pa…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-4311
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303470
|
- |
|
-
|
-
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This is…
|
CWE-200
Information Exposure
|
CVE-2024-3502
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
