E Learning Management System
CVE-2024-54937
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets.
AnalysisAI
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. Affected products include: Lopalopa E-Learning Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in E Learning Management System
View allKashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. Rated critical se
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. Rated critic
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remot
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote att
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.ph
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which all
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via th
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the user
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allow
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today