High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-28	CVE-2024-42793	Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0 A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. network low complexity lopalopa CWE-352	8.0
2024-08-28	CVE-2024-41236	SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0 A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page network low complexity lopalopa CWE-89	7.2
2024-08-21	CVE-2024-42778	Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. network low complexity lopalopa CWE-434	8.8
2024-08-21	CVE-2024-42779	Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. network low complexity lopalopa CWE-434	8.8
2024-08-21	CVE-2024-42780	Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. network low complexity lopalopa CWE-434	8.8
2024-08-21	CVE-2024-42785	SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. network low complexity lopalopa CWE-89	8.8
2024-08-21	CVE-2024-42786	SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. network low complexity lopalopa CWE-89	8.8
2024-01-08	CVE-2024-0307	SQL Injection vulnerability in Lopalopa Dynamic LAB Management System 1.0 A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. network low complexity lopalopa CWE-89	7.5
2024-01-08	CVE-2024-0306	SQL Injection vulnerability in Lopalopa Dynamic LAB Management System 1.0 A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. network low complexity lopalopa CWE-89	7.5