Arbitrary SQL Command Execution Vulnerability in E-learning Management System v1.0
CVE-2024-54924

Currently unrated

Key Information:

Vendor: kashipara
Status: E-learning Management System
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-54924?

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024