Vehicle Parking Management System
by Phpgurukul
CVEs (60)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-45885 | 0.00 | — | 0.00 | May 9, 2025 | PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries. | |||
| CVE-2025-4153 | 0.00 | — | 0.00 | May 1, 2025 | A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched… | |||
| CVE-2025-45015 | 0.00 | — | 0.00 | Apr 30, 2025 | A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters. | |||
| CVE-2025-45010 | 0.00 | — | 0.00 | Apr 30, 2025 | A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters. | |||
| CVE-2025-45011 | 0.00 | — | 0.00 | Apr 30, 2025 | A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter. | |||
| CVE-2025-45018 | 0.00 | — | 0.00 | Apr 30, 2025 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter. | |||
| CVE-2025-45009 | 0.00 | — | 0.00 | Apr 30, 2025 | A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter. | |||
| CVE-2025-45017 | 0.00 | — | 0.01 | Apr 30, 2025 | A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter. | |||
| CVE-2025-45020 | 0.00 | — | 0.00 | Apr 30, 2025 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request. | |||
| CVE-2025-45019 | 0.00 | — | 0.00 | Apr 30, 2025 | A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter. | |||
| CVE-2025-29641 | 0.00 | — | 0.00 | Mar 21, 2025 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter. | |||
| CVE-2024-54811 | 0.00 | — | 0.01 | Dec 12, 2024 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. | |||
| CVE-2024-53364 | 0.00 | — | 0.00 | Dec 2, 2024 | A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. | |||
| CVE-2024-53365 | 0.00 | — | 0.00 | Nov 26, 2024 | A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field. | |||
| CVE-2024-46531 | 0.00 | — | 0.00 | Oct 30, 2024 | phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php. | |||
| CVE-2023-26959 | 0.00 | — | 0.01 | Mar 27, 2023 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. | |||
| CVE-2023-26958 | 0.00 | — | 0.00 | Mar 27, 2023 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. | |||
| CVE-2021-37806 | 0.00 | — | 0.02 | Oct 27, 2021 | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used… | |||
| CVE-2021-37805 | 0.00 | — | 0.01 | Oct 27, 2021 | A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | |||
| CVE-2020-23936 | 0.00 | — | 0.01 | Aug 20, 2020 | PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". |
- CVE-2025-45885May 9, 2025risk 0.00cvss —epss 0.00
PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries.
- CVE-2025-4153May 1, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched…
- CVE-2025-45015Apr 30, 2025risk 0.00cvss —epss 0.00
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters.
- CVE-2025-45010Apr 30, 2025risk 0.00cvss —epss 0.00
A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
- CVE-2025-45011Apr 30, 2025risk 0.00cvss —epss 0.00
A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
- CVE-2025-45018Apr 30, 2025risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
- CVE-2025-45009Apr 30, 2025risk 0.00cvss —epss 0.00
A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter.
- CVE-2025-45017Apr 30, 2025risk 0.00cvss —epss 0.01
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
- CVE-2025-45020Apr 30, 2025risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
- CVE-2025-45019Apr 30, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
- CVE-2025-29641Mar 21, 2025risk 0.00cvss —epss 0.00
Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter.
- CVE-2024-54811Dec 12, 2024risk 0.00cvss —epss 0.01
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
- CVE-2024-53364Dec 2, 2024risk 0.00cvss —epss 0.00
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.
- CVE-2024-53365Nov 26, 2024risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.
- CVE-2024-46531Oct 30, 2024risk 0.00cvss —epss 0.00
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php.
- CVE-2023-26959Mar 27, 2023risk 0.00cvss —epss 0.01
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.
- CVE-2023-26958Mar 27, 2023risk 0.00cvss —epss 0.00
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.
- CVE-2021-37806Oct 27, 2021risk 0.00cvss —epss 0.02
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used…
- CVE-2021-37805Oct 27, 2021risk 0.00cvss —epss 0.01
A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.
- CVE-2020-23936Aug 20, 2020risk 0.00cvss —epss 0.01
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
Page 3 of 3