VYPR

Small CRM

by Phpgurukul

CVEs (25)

  • CVE-2025-11053HigSep 27, 2025
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the…

  • CVE-2025-10664HigSep 18, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and…

  • CVE-2025-10114HigSep 9, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could…

  • CVE-2025-10079HigSep 8, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published…

  • CVE-2025-15390MedDec 31, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and…

  • CVE-2025-9834LowSep 2, 2025
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has…

  • CVE-2024-44647Nov 17, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.

  • CVE-2024-44641Nov 17, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.

  • CVE-2024-44648Nov 17, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.

  • CVE-2024-44644Nov 17, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.

  • CVE-2025-50484Jul 28, 2025
    risk 0.00cvss epss 0.00

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-5227May 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit…

  • CVE-2025-5226May 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2024-48170Feb 10, 2025
    risk 0.00cvss epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.

  • CVE-2024-13001Dec 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2024-13000Dec 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has…

  • CVE-2024-12999Dec 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2024-3691Apr 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has…

  • CVE-2024-3690Apr 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been…

  • CVE-2023-50035Dec 29, 2023
    risk 0.00cvss epss 0.01

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.

Page 1 of 2