Filtered by vendor Phpgurukul
Subscribe
Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51063 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 9.1 CRITICAL |
|
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.
|
|||||
| CVE-2024-48807 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
|
|||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.
|
|||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php.
|
|||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php
|
|||||
| CVE-2024-48744 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.
|
|||||
| CVE-2024-48278 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 5.5 MEDIUM |
|
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.
|
|||||
| CVE-2024-48279 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
|
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.
|
|||||
| CVE-2024-48280 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
|
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.
|
|||||
| CVE-2024-48282 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
|
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request.
|
|||||
| CVE-2024-40477 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-03-31 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.
|
|||||
| CVE-2025-25462 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 5.5 MEDIUM |
|
A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
|
|||||
| CVE-2025-28011 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | N/A | 6.1 MEDIUM |
|
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
|
|||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | N/A | 5.3 MEDIUM |
|
A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
|
|||||
| CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
|
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
|
|||||
| CVE-2024-57687 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
|
An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter.
|
|||||
| CVE-2025-25389 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
|
|||||
| CVE-2025-25388 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
|
|||||
| CVE-2025-25387 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
|
|||||
| CVE-2022-46499 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | N/A | 8.8 HIGH |
|
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php.
|
|||||
| CVE-2022-46498 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | N/A | 2.7 LOW |
|
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.
|
|||||
| CVE-2022-46497 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | N/A | 8.1 HIGH |
|
Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php.
|
|||||
| CVE-2024-57175 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-28 | N/A | 5.4 MEDIUM |
|
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
|
|||||
| CVE-2024-55104 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | N/A | 7.2 HIGH |
|
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.
|
|||||
| CVE-2024-55103 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | N/A | 7.2 HIGH |
|
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
|
|||||
| CVE-2024-55100 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | N/A | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.
|
|||||
| CVE-2024-55232 | 1 Phpgurukul | 1 Online Notes Sharing Management System | 2025-03-28 | N/A | 5.4 MEDIUM |
|
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information.
|
|||||
| CVE-2025-2674 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2383 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2386 | 1 Phpgurukul | 1 Local Services Search Engine Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2681 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2683 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2687 | 1 Phpgurukul | 1 Elearning System | 2025-03-27 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50989 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-03-27 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.
|
|||||
| CVE-2023-38920 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-03-27 | N/A | 4.8 MEDIUM |
|
Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.
|
|||||
| CVE-2024-50843 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-27 | N/A | 5.3 MEDIUM |
|
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
|
|||||
| CVE-2024-53365 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2025-03-27 | N/A | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.
|
|||||
| CVE-2024-53603 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-03-27 | N/A | 7.3 HIGH |
|
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
|
|||||
| CVE-2024-53604 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-03-27 | N/A | 9.8 CRITICAL |
|
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
|
|||||
| CVE-2024-51054 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-03-27 | N/A | 4.8 MEDIUM |
|
A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.
|
|||||