CVE-2024-54922

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt