Kashipara E-learning Management System Vulnerable to SQL Injection
CVE-2024-54927

7.2HIGH

Key Information:

Vendor: Kashipara
Status: E-learning Management System
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-54927?

The Kashipara E-learning Management System version 1.0 has a security flaw that allows an SQL injection attack through the /admin/delete_users.php endpoint. This vulnerability can be exploited by attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive user data and manipulation of the system database.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024

CVE-2024-54927 Data

JSON