Lopalopa E Learning Management System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Lopalopa E Learning Management System.
By the Year
In 2026 there have been 0 vulnerabilities in Lopalopa E Learning Management System. E Learning Management System did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 41 | 7.19 |
It may take a day or so for new E Learning Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lopalopa E Learning Management System Security Vulnerabilities
SQL Injection in Kashipara E-learning MgmtSys v1.0 /admin/delete_users.php
CVE-2024-54927
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
SQLi in Kashipara E-LMS v1.0 via /remove_sent_message.php id param
CVE-2024-54925
- December 09, 2024
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
SQLi in Kashipara ESM v1.0 via /admin/edit_content.php (title/content)
CVE-2024-54924
- December 09, 2024
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.
SQLi in kashipara E-learning Management System v1.0 /admin/edit_teacher.php
CVE-2024-54923
- December 09, 2024
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter.
SQLi in Kashipara E-learning System v1.0 /student_signup.php
CVE-2024-54921
- December 09, 2024
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters.
RCE via File Upload in Kashipara E-LMS 1.0 (/teacher_avatar.php)
CVE-2024-54918
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php.
Directory Listing in Kashipara E-Learning v1.0 (/admin/uploads)
CVE-2024-54938
- December 09, 2024
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads.
SQLi in Kashipara E-Learning v1.0 - /admin/delete_class.php
CVE-2024-54934
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
Kashipara E-learning v1.0 SQLi in /admin/delete_department.php
CVE-2024-54932
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
SQLi in Kashipara ELMS v1.0: /admin/delete_event.php?id
CVE-2024-54931
- December 09, 2024
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
SQL Injection in Kashipara E-learning System v1.0 (admin/delete_teacher.php)
CVE-2024-54928
- December 09, 2024
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
SQL Injection Vulnerability in kashipara E-learning Management System User Edit Functionality
CVE-2024-54922
7.2 - High
- December 09, 2024
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
SQL Injection
kashipara E-learning Management System Stored XSS in /send_message_teacher_to_student.php
CVE-2024-54935
5.4 - Medium
- December 09, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
XSS
SQL Injection Vulnerability in Kashipara E-learning Management System's Admin Delete Content Module
CVE-2024-54933
7.2 - High
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
SQL Injection
Kashipara E-learning Management System SQL Injection Vulnerability in delete_student.php
CVE-2024-54930
7.2 - High
- December 09, 2024
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
SQL Injection
SQL Injection Vulnerability in kashipara E-learning Management System
CVE-2024-54926
8.8 - High
- December 09, 2024
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
SQL Injection
SQL Injection via teacher_signup.php: Kashipara ELearning v1.0
CVE-2024-54920
9.8 - Critical
- December 09, 2024
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters.
SQL Injection
Stored XSS via filename in /teacher_avatar.php of Kashipara E-LMS v1.0
CVE-2024-54919
5.4 - Medium
- December 09, 2024
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter.
XSS
Kashipara E-Learning System v1.0 Directory Listing via /admin/assets
CVE-2024-54937
5.3 - Medium
- December 09, 2024
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
Stored XSS in Kashipara E-learning v1.0 /send_message.php my_message
CVE-2024-54936
5.4 - Medium
- December 09, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.
XSS
SQL Injection in KASHIPARA E-learning v1.0 /admin/delete_subject.php
CVE-2024-54929
7.2 - High
- December 09, 2024
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
SQL Injection
SQL Injection in Kashipara e-learning 1.0 - /admin/calendar_of_events via parameters
CVE-2024-50830
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
SQL Injection
SQLi in kashipara eLearning Management System v1.0 /admin/admin_user.php
CVE-2024-50831
7.2 - High
- November 14, 2024
A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
SQL Injection
SQL Inject in kashipara E-learning Mgt Sys 1.0 /admin/edit_subject.php via unit
CVE-2024-50829
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
SQL Injection
SQLi in Kashipara E-learning 1.0 /admin/edit_department.php
CVE-2024-50828
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
SQL Injection
SQLi in kashipara LMS 1.0 /admin/add_subject.php via subject_code
CVE-2024-50827
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
SQL Injection
SQL Injection in /admin/login.php of kashipara E-learning Mgt System v1.0
CVE-2024-50823
9.8 - Critical
- November 14, 2024
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
SQL Injection
SQLi in Kashipara E-learning System 1.0 (/admin/class.php)
CVE-2024-50824
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
SQL Injection
SQL Injection in kashipara E-learning Management System Project 1.0 /admin/school_year.php
CVE-2024-50825
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
SQL Injection
Kashipara E-learning SQL Injection via /admin/add_content.php 1.0
CVE-2024-50826
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
SQL Injection
SQLi in KASHIPARA E-learning MS 1.0 /login.php
CVE-2024-50833
9.8 - Critical
- November 14, 2024
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
SQL Injection
Stored XSS via admin/teachers.php in KASHIPARA E-learning v1.0
CVE-2024-50836
4.8 - Medium
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
XSS
KASHIPARA E-learning Mgt System 1.0: SQLi in /admin/edit_student.php
CVE-2024-50835
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
SQL Injection
SQLi in Kashipara E-learning 1.0 Admin teachers.php via firstname/lastname
CVE-2024-50834
7.2 - High
- November 14, 2024
A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
SQL Injection
SQLi in Kashipara E-learning 1.0 admin/edit_class.php via class_name
CVE-2024-50832
7.2 - High
- November 14, 2024
A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
SQL Injection
Stored XSS Vulnerability in KASHIPARA E-learning Management System Project
CVE-2024-50838
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.
KASHIPARA E-learning Management System Project: Stored XSS in admin_user.php
CVE-2024-50837
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters.
Stored XSS in KASHIPARA E-learning Management System via school_year Parameter
CVE-2024-50842
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter.
Stored XSS in KASHIPARA E-learning Management System Calendar Component
CVE-2024-50841
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters.
KASHIPARA E-learning Management System Project: Stored XSS in Class Management
CVE-2024-50840
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.
KASHIPARA E-learning Management System: Stored XSS in add_subject.php
CVE-2024-50839
- November 14, 2024
A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lopalopa E Learning Management System or by Lopalopa? Click the Watch button to subscribe.
