Filtered by vendor Phpgurukul
Subscribe
Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.
|
|||||
| CVE-2024-48284 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2024-11-19 | N/A | 4.8 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.
|
|||||
| CVE-2024-10753 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-06 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10768 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-06 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10743 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10744 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10745 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10746 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10747 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10754 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10755 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10756 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10757 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10701 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-05 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-51076 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
|
|||||
| CVE-2024-51075 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.
|
|||||
| CVE-2024-51181 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.
|
|||||
| CVE-2024-51180 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-04 | N/A | 6.1 MEDIUM |
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
|
|||||
| CVE-2024-10331 | 1 Phpgurukul | 1 Vehicle Record System | 2024-11-01 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10414 | 1 Phpgurukul | 1 Vehicle Record System | 2024-10-29 | 3.3 LOW | 4.8 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "phone_number" to be affected. But this might be a mistake because the textbox field label ...
Show More |
|||||
| CVE-2024-48570 | 1 Phpgurukul | 1 Client Management System | 2024-10-25 | N/A | 7.5 HIGH |
|
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
|
|||||
| CVE-2024-10298 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10299 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10300 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10301 | 1 Phpgurukul | 1 Medical Card Generation System | 2024-10-25 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-46237 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-22 | N/A | 5.4 MEDIUM |
|
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
|
|||||
| CVE-2024-10192 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-10-22 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10154 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10155 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10156 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10158 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 5.0 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10159 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 7.5 HIGH | 7.2 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to be affect ...
Show More |
|||||
| CVE-2024-10160 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fdate" to be affected. But i ...
Show More |
|||||
| CVE-2024-10191 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 4.0 MEDIUM | 4.8 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10162 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to ...
Show More |
|||||
| CVE-2024-10161 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-9326 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-10-02 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | N/A | 8.8 HIGH |
|
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
|
|||||
| CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.
|
|||||
| CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
|
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.
|
|||||