CVE-2024-54924

CRITICAL

kashipara E-learning Management System 1.0 - SQL Injection via edit_content.php title and content parameters

Title source: llm
STIX 2.1

Description

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters.

Scores

CVSS v3 9.8
EPSS 0.0057
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
lopalopa/e-learning_management_system 1.0
Published Dec 09, 2024
Tracked Since Feb 18, 2026