CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42784
https://notcve.org/view.php?id=CVE-2024-42784
21 Aug 2024 — A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Music%20List.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42785
https://notcve.org/view.php?id=CVE-2024-42785
21 Aug 2024 — A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Playlist.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42786
https://notcve.org/view.php?id=CVE-2024-42786
21 Aug 2024 — A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Profile.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40479
https://notcve.org/view.php?id=CVE-2024-40479
09 Aug 2024 — A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/SQL%20Injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40480
https://notcve.org/view.php?id=CVE-2024-40480
09 Aug 2024 — A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40482
https://notcve.org/view.php?id=CVE-2024-40482
08 Aug 2024 — An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40486
https://notcve.org/view.php?id=CVE-2024-40486
08 Aug 2024 — A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-40487
https://notcve.org/view.php?id=CVE-2024-40487
08 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/Stored%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40488
https://notcve.org/view.php?id=CVE-2024-40488
08 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via a crafted HTML page, as demonstrated by a Delete Member action at the /delete_members.php. • https://capec.mitre.org/data/definitions/62.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41238
https://notcve.org/view.php?id=CVE-2024-41238
08 Aug 2024 — A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Student.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •