Lopalopa Lopalopa

  1. Vendors
  2. Lopalopa

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Lopalopa product.

RSS Feeds for Lopalopa security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Lopalopa products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Lopalopa Sorted by Most Security Vulnerabilities since 2018

Lopalopa E Learning Management System41 vulnerabilities

Lopalopa Music Management System22 vulnerabilities

Lopalopa College Management System21 vulnerabilities

Lopalopa Responsive School Management System17 vulnerabilities

Lopalopa Live Membership System4 vulnerabilities

Lopalopa Dynamic Lab Management System3 vulnerabilities

Lopalopa Online Service Management Portal3 vulnerabilities

Lopalopa Responsive Online Learing Platform1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Lopalopa. Last year, in 2025 Lopalopa had 4 security vulnerabilities published. Right now, Lopalopa is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 4 8.18
2024 108 7.22

It may take a day or so for new Lopalopa vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Lopalopa Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-5214 May 27, 2025
SQLi in Kashipara Responsive Online Learning Platform 1.0 via ID param A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the affected product appears to have a typo in it.
Responsive Online Learing Platform
CVE-2025-45322 May 05, 2025
SQL Injection in Kashipara OSMS V1.0 CheckStatus.php via checkid kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
Online Service Management Portal
CVE-2025-45321 May 05, 2025
SQL Injection in Kashipara OSMP v1.0 /Requesterchangepass.php via rPassword kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
Online Service Management Portal
CVE-2025-45320 May 05, 2025
Directory Listing on /osms/Requester/ in Kashipara OSM Portal V1.0 A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
Online Service Management Portal
CVE-2024-54927 Dec 09, 2024
SQL Injection in Kashipara E-learning MgmtSys v1.0 /admin/delete_users.php Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
E Learning Management System
CVE-2024-54928 Dec 09, 2024
SQL Injection in Kashipara E-learning System v1.0 (admin/delete_teacher.php) kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
E Learning Management System
CVE-2024-54931 Dec 09, 2024
SQLi in Kashipara ELMS v1.0: /admin/delete_event.php?id A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
E Learning Management System
CVE-2024-54932 Dec 09, 2024
Kashipara E-learning v1.0 SQLi in /admin/delete_department.php Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
E Learning Management System
CVE-2024-54934 Dec 09, 2024
SQLi in Kashipara E-Learning v1.0 - /admin/delete_class.php Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
E Learning Management System
CVE-2024-54938 Dec 09, 2024
Directory Listing in Kashipara E-Learning v1.0 (/admin/uploads) A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
E Learning Management System
CVE-2024-54918 Dec 09, 2024
RCE via File Upload in Kashipara E-LMS 1.0 (/teacher_avatar.php) Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
E Learning Management System
CVE-2024-54921 Dec 09, 2024
SQLi in Kashipara E-learning System v1.0 /student_signup.php A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
E Learning Management System
CVE-2024-54923 Dec 09, 2024
SQLi in kashipara E-learning Management System v1.0 /admin/edit_teacher.php A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
E Learning Management System
CVE-2024-54924 Dec 09, 2024
SQLi in Kashipara ESM v1.0 via /admin/edit_content.php (title/content) A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
E Learning Management System
CVE-2024-54925 Dec 09, 2024
SQLi in Kashipara E-LMS v1.0 via /remove_sent_message.php id param A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
E Learning Management System
CVE-2024-54922 Dec 09, 2024
SQL Injection Vulnerability in kashipara E-learning Management System User Edit Functionality A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
E Learning Management System
CVE-2024-54930 Dec 09, 2024
Kashipara E-learning Management System SQL Injection Vulnerability in delete_student.php Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
E Learning Management System
CVE-2024-54933 Dec 09, 2024
SQL Injection Vulnerability in Kashipara E-learning Management System's Admin Delete Content Module Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
E Learning Management System
CVE-2024-54935 Dec 09, 2024
kashipara E-learning Management System Stored XSS in /send_message_teacher_to_student.php A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
E Learning Management System
CVE-2024-54926 Dec 09, 2024
SQL Injection Vulnerability in kashipara E-learning Management System A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
E Learning Management System
CVE-2024-54919 Dec 09, 2024
Stored XSS via filename in /teacher_avatar.php of Kashipara E-LMS v1.0 A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
E Learning Management System
CVE-2024-54920 Dec 09, 2024
SQL Injection via teacher_signup.php: Kashipara ELearning v1.0 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
E Learning Management System
CVE-2024-54929 Dec 09, 2024
SQL Injection in KASHIPARA E-learning v1.0 /admin/delete_subject.php KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
E Learning Management System
CVE-2024-54936 Dec 09, 2024
Stored XSS in Kashipara E-learning v1.0 /send_message.php my_message A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
E Learning Management System
CVE-2024-54937 Dec 09, 2024
Kashipara E-Learning System v1.0 Directory Listing via /admin/assets A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
E Learning Management System
CVE-2024-50823 Nov 14, 2024
SQL Injection in /admin/login.php of kashipara E-learning Mgt System v1.0 A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
E Learning Management System
CVE-2024-50824 Nov 14, 2024
SQLi in Kashipara E-learning System 1.0 (/admin/class.php) A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
E Learning Management System
CVE-2024-50831 Nov 14, 2024
SQLi in kashipara eLearning Management System v1.0 /admin/admin_user.php A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
E Learning Management System
CVE-2024-50830 Nov 14, 2024
SQL Injection in Kashipara e-learning 1.0 - /admin/calendar_of_events via parameters A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
E Learning Management System
CVE-2024-50829 Nov 14, 2024
SQL Inject in kashipara E-learning Mgt Sys 1.0 /admin/edit_subject.php via unit A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
E Learning Management System
CVE-2024-50828 Nov 14, 2024
SQLi in Kashipara E-learning 1.0 /admin/edit_department.php A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
E Learning Management System
CVE-2024-50827 Nov 14, 2024
SQLi in kashipara LMS 1.0 /admin/add_subject.php via subject_code A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
E Learning Management System
CVE-2024-50826 Nov 14, 2024
Kashipara E-learning SQL Injection via /admin/add_content.php 1.0 A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
E Learning Management System
CVE-2024-50825 Nov 14, 2024
SQL Injection in kashipara E-learning Management System Project 1.0 /admin/school_year.php A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
E Learning Management System
CVE-2024-50833 Nov 14, 2024
SQLi in KASHIPARA E-learning MS 1.0 /login.php A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
E Learning Management System
CVE-2024-50832 Nov 14, 2024
SQLi in Kashipara E-learning 1.0 admin/edit_class.php via class_name A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
E Learning Management System
CVE-2024-50834 Nov 14, 2024
SQLi in Kashipara E-learning 1.0 Admin teachers.php via firstname/lastname A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
E Learning Management System
CVE-2024-50835 Nov 14, 2024
KASHIPARA E-learning Mgt System 1.0: SQLi in /admin/edit_student.php A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
E Learning Management System
CVE-2024-50836 Nov 14, 2024
Stored XSS via admin/teachers.php in KASHIPARA E-learning v1.0 A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
E Learning Management System
CVE-2024-50838 Nov 14, 2024
Stored XSS Vulnerability in KASHIPARA E-learning Management System Project A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
E Learning Management System
CVE-2024-50837 Nov 14, 2024
KASHIPARA E-learning Management System Project: Stored XSS in admin_user.php A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
E Learning Management System
CVE-2024-50842 Nov 14, 2024
Stored XSS in KASHIPARA E-learning Management System via school_year Parameter A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
E Learning Management System
CVE-2024-50841 Nov 14, 2024
Stored XSS in KASHIPARA E-learning Management System Calendar Component A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
E Learning Management System
CVE-2024-50840 Nov 14, 2024
KASHIPARA E-learning Management System Project: Stored XSS in Class Management A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
E Learning Management System
CVE-2024-50839 Nov 14, 2024
KASHIPARA E-learning Management System: Stored XSS in add_subject.php A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
E Learning Management System
CVE-2024-42797 Sep 25, 2024
Kashipara Music Management v1.0 Unauth Delete Playlist via AJAX An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
Music Management System
CVE-2024-42798 Sep 16, 2024
Kash Music Sys v1.0: IC Vulnerability in /music/index.php allows admin takeover An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
Music Management System
CVE-2024-42795 Sep 16, 2024
Unauth Access to /music/view_user.php in Kashipara Music MS v1.0 An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
Music Management System
CVE-2024-42796 Sep 16, 2024
Kashipara Music Mgmt Sys v1.0 Unauth Delete Genre via /music/ajax.php An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
Music Management System
CVE-2024-42794 Sep 16, 2024
Incorrect Access Control in Kashipara v1.0 via ajax.php Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
Music Management System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.