Skip to main content

E Learning Management System CVE-2024-54937

MEDIUM
Out-of-bounds Read (CWE-125)
2024-12-09 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 09, 2024 - 14:15 nvd
MEDIUM 5.3

DescriptionNVD

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.

AnalysisAI

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. Affected products include: Lopalopa E-Learning Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2024-54934 CRITICAL POC
9.8 Dec 09

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. Rated critical se

CVE-2024-54932 CRITICAL POC
9.8 Dec 09

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. Rated critic

CVE-2024-54931 CRITICAL POC
9.8 Dec 09

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote

CVE-2024-54925 CRITICAL POC
9.8 Dec 09

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remot

CVE-2024-54924 CRITICAL POC
9.8 Dec 09

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote

CVE-2024-54923 CRITICAL POC
9.8 Dec 09

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which

CVE-2024-54921 CRITICAL POC
9.8 Dec 09

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote att

CVE-2024-54918 CRITICAL POC
9.8 Dec 09

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.ph

CVE-2024-54920 CRITICAL POC
9.8 Dec 09

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which all

CVE-2024-50823 CRITICAL POC
9.8 Nov 14

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via th

CVE-2024-50833 CRITICAL POC
9.8 Nov 14

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the user

CVE-2024-54926 HIGH POC
8.8 Dec 09

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allow

Share

CVE-2024-54937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy