CVE-2024-54938

Name of the Vulnerable Software and Affected Versions Kashipara E-Learning Management System version 1.0

Description A Directory Listing issue was found in Kashipara E-Learning Management System, which allows remote attackers to access sensitive files and directories via the "/admin/uploads" API endpoint. This issue enables remote attackers to view important files and directories.

Recommendations As a temporary workaround, consider restricting access to the "/admin/uploads" API endpoint until a patch is available. Avoid using the vulnerable version of the Kashipara E-Learning Management System until an update is released. Update to a newer version of the Kashipara E-Learning Management System that addresses the Directory Listing issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.