Vulnerabilities > Lopalopa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-05 | CVE-2025-45320 | Unspecified vulnerability in Lopalopa Online Service Management Portal 1.0 A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | 5.3 |
| 2025-05-05 | CVE-2025-45321 | SQL Injection vulnerability in Lopalopa Online Service Management Portal 1.0 kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword. | 8.8 |
| 2025-05-05 | CVE-2025-45322 | SQL Injection vulnerability in Lopalopa Online Service Management Portal 1.0 kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter. | 8.8 |
| 2024-12-09 | CVE-2024-54922 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | 7.2 |
| 2024-12-09 | CVE-2024-54930 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | 7.2 |
| 2024-12-09 | CVE-2024-54933 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | 7.2 |
| 2024-12-09 | CVE-2024-54935 | Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0 A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. | 5.4 |
| 2024-12-09 | CVE-2024-54926 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | 8.8 |
| 2024-12-09 | CVE-2024-54919 | Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0 A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. | 5.4 |
| 2024-12-09 | CVE-2024-54920 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | 9.8 |