PT-2024-34439 · Unknown · Kashipara E-Learning Management System Project

Published

2024-11-14

Updated

2024-11-15

CVE-2024-50840

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0

Description: A Stored Cross-Site Scripting (XSS) issue was found in the /admin/class.php file, allowing remote attackers to execute arbitrary scripts via the class name parameter. This vulnerability enables code execution in the KASHIPARA E-learning System.

Recommendations: For KASHIPARA E-learning Management System Project version 1.0, consider disabling access to the /admin/class.php file or restricting the use of the class name parameter until a patch is available. Avoid using the class name parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2024-50840

Affected Products

Kashipara E-Learning Management System Project

PT-2024-34439 · Unknown · Kashipara E-Learning Management System Project

CVE-2024-50840

Weakness Enumeration

Related Identifiers

Affected Products

References · 6