Lopalopa Responsive School Management System

SQL injection in Kashipara SMS v3.2.0 admin_login.php
CVE-2024-41236 7.2 - High - August 28, 2024

A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page

SQL Injection

SQLi in Kashipara RSM v1.0 via /smsa/student_login.php username
CVE-2024-41238 5.3 - Medium - August 08, 2024

A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.

SQL Injection

Kashipara SMS v1.0 PHP SQLi via teacher_login.php (username)
CVE-2024-41237 9.8 - Critical - August 07, 2024

A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.

SQL Injection

XSS in Responsive School Management Sys 3.2 via add_class_submit.php
CVE-2024-41239 4.8 - Medium - August 07, 2024

A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.

XSS

Kashipara SM System v3.2.0 XSS via error param in /smsa/admin_login.php
CVE-2024-41241 6.1 - Medium - August 07, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.

XSS

Reflected XSS in /smsa/teacher_login.php of Kashipara RMS v3.2.0 via error param
CVE-2024-41240 6.1 - Medium - August 07, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.

XSS

Reflected XSS in Kashipara SMS v3.2.0 via error param
CVE-2024-41242 6.1 - Medium - August 07, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter.

XSS

Kashipara SMS View Class Unauth Access Control v3.2.0
CVE-2024-41244 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.

Unauth Access in Kashipara School Mgmt Sys v3.2.0 /smsa/view_marks.php
CVE-2024-41243 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.

Unauth Access to TEACHER Data in Kashipara RSM 3.2.0 via view_teachers.php
CVE-2024-41245 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.

Kashipara SMS Mgt Sys v3.2.0: IC Vulnerability in view_students.php allows UAC
CVE-2024-41250 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.

IC in Kashipara SMS v3.2.0: Remote Unauth Student Reg Approval
CVE-2024-41252 6.5 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.

IAC in Kashipara RMSS v3.2.0 allows unauthenticated teacher approval
CVE-2024-41251 6.5 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.

Unauthorized Subject Detail View in Kashipara SMS v3.2.0
CVE-2024-41249 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.

Unauth Access: /smsa/add_subject.php in Kashipara RSMVS 3.2.0 Adds Subject
CVE-2024-41248 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.

Unauthenticated class addition in Kashipara RMS v3.2.0 (add_class.php)
CVE-2024-41247 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.

CVE-2024-41246: Unauth Remote Access to Admin Dashboard in Kashipara v3.2
CVE-2024-41246 5.3 - Medium - August 07, 2024

An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.