Filtered by vendor Phpgurukul
Subscribe
Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0547 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-15 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-01-12 | N/A | 8.7 HIGH |
|
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser.
|
|||||
| CVE-2025-15406 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
|
|||||
| CVE-2025-45805 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-12-16 | N/A | 7.6 HIGH |
|
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.
|
|||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-08 | N/A | 8.8 HIGH |
|
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
|
|||||
| CVE-2025-65379 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | N/A | 6.5 MEDIUM |
|
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
|
|||||
| CVE-2025-65380 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | N/A | 6.5 MEDIUM |
|
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
|
|||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-01 | N/A | 4.3 MEDIUM |
|
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
|
|||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2025-11-20 | N/A | 7.5 HIGH |
|
A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS).
|
|||||
| CVE-2024-44641 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
|
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.
|
|||||
| CVE-2024-44644 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
|
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.
|
|||||
| CVE-2024-44647 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.1 MEDIUM |
|
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.
|
|||||
| CVE-2024-44648 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
|
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.
|
|||||
| CVE-2024-44657 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | N/A | 6.5 MEDIUM |
|
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php.
|
|||||
| CVE-2024-46335 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | N/A | 4.6 MEDIUM |
|
PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
|
|||||
| CVE-2024-44654 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.
|
|||||
| CVE-2024-44655 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | N/A | 6.1 MEDIUM |
|
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
|
|||||
| CVE-2024-44658 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.
|
|||||
| CVE-2024-44660 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
|
|||||
| CVE-2024-44662 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
|
|||||
| CVE-2024-44663 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
|
|||||
| CVE-2024-44659 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 9.8 CRITICAL |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
|
|||||
| CVE-2024-44661 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 5.4 MEDIUM |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
|
|||||
| CVE-2024-44664 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | N/A | 6.5 MEDIUM |
|
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
|
|||||
| CVE-2024-44635 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.1 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.
|
|||||
| CVE-2024-44636 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.
|
|||||
| CVE-2024-44639 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.
|
|||||
| CVE-2024-44640 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.
|
|||||
| CVE-2024-55016 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.
|
|||||
| CVE-2024-44630 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.
|
|||||
| CVE-2024-44632 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.
|
|||||
| CVE-2024-44633 | 1 Phpgurukul | 1 Student Record System | 2025-11-17 | N/A | 6.5 MEDIUM |
|
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.
|
|||||
| CVE-2025-4696 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-4695 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-11-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-35156 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-11-12 | N/A | 9.8 CRITICAL |
|
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..
|
|||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-11-12 | N/A | 6.1 MEDIUM |
|
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
|
|||||
| CVE-2025-3146 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-11-11 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2025-11-11 | 10.0 HIGH | 9.8 CRITICAL |
|
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
|
|||||
| CVE-2023-36375 | 1 Phpgurukul | 1 Hostel Management System | 2025-11-11 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
|
|||||
| CVE-2025-12615 | 1 Phpgurukul | 1 News Portal | 2025-11-10 | 5.1 MEDIUM | 5.0 MEDIUM |
|
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key
. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
|
|||||