← Back

Jayesh

jayesh

18 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Hotel Management System
hotel_management_system
14 CVEs
Online Exam System
online_exam_system
4 CVEs

CVEs (18)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-51567
1Jayesh
1Online Exam System
Jan 16, 2026
Jan 12, 2026
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollag...Show more
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.Show less
CVE-2024-42773
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the admin...Show more
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.Show less
CVE-2024-42767
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVE-2024-42776
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVE-2024-42775
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
9.1 CRITICAL· v3
N/A· v2
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the adminis...Show more
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.Show less
CVE-2024-42774
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator se...Show more
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.Show less
CVE-2024-42772
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.
CVE-2024-42768
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.
CVE-2024-42771
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" par...Show more
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.Show less
CVE-2024-42770
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.
CVE-2024-42769
1Jayesh
1Hotel Management System
Apr 30, 2025
Aug 22, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lna...Show more
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.Show less
CVE-2024-40480
1Jayesh
1Online Exam System
Mar 14, 2025
Aug 12, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete...Show more
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.Show less
CVE-2024-40479
1Jayesh
1Online Exam System
Nov 19, 2025
Aug 12, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.
CVE-2024-40478
1Jayesh
1Online Exam System
Mar 13, 2025
Aug 12, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields
CVE-2023-49272
1Jayesh
1Hotel Management System
Dec 5, 2025
Dec 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text betwee...Show more
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49271
1Jayesh
1Hotel Management System
Jan 6, 2026
Dec 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text...Show more
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49270
1Jayesh
1Hotel Management System
Jan 6, 2026
Dec 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text b...Show more
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49269
1Jayesh
1Hotel Management System
Jan 6, 2026
Dec 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between...Show more
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less