Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2024-3502 Insecure Storage of Sensitive Information vulnerability in Lunary
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors.
network
low complexity
lunary CWE-922
8.1
8.1
2024-11-14 CVE-2024-50824 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50825 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50826 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50827 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50828 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50829 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50830 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50831 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
network
low complexity
lopalopa CWE-89
7.2
7.2
2024-11-14 CVE-2024-50832 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
network
low complexity
lopalopa CWE-89
7.2
7.2