Hostel Management System
by Phpgurukul
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6155 | Hig | 0.47 | 7.3 | 0.00 | Jun 17, 2025 | A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack… | ||
| CVE-2025-6154 | Hig | 0.47 | 7.3 | 0.00 | Jun 17, 2025 | A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated… | ||
| CVE-2025-6153 | Hig | 0.47 | 7.3 | 0.00 | Jun 17, 2025 | A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated… | ||
| CVE-2025-13577 | Low | 0.23 | 3.5 | 0.00 | Nov 24, 2025 | A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely.… | ||
| CVE-2020-25270 | 0.03 | — | 0.03 | Oct 8, 2020 | PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | |||
| CVE-2025-63611 | 0.00 | — | 0.00 | Jan 8, 2026 | Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=). When an administrator… | |||
| CVE-2025-28129 | 0.00 | — | 0.00 | Oct 6, 2025 | Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | |||
| CVE-2025-45953 | 0.00 | — | 0.00 | Apr 28, 2025 | A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely | |||
| CVE-2023-34647 | 0.00 | — | 0.00 | Jun 28, 2023 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | |||
| CVE-2023-34652 | 0.00 | — | 0.00 | Jun 28, 2023 | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. | |||
| CVE-2020-5510 | 0.00 | — | 0.02 | Jan 8, 2020 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. |
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated…
- risk 0.23cvss 3.5epss 0.00
A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely.…
- CVE-2020-25270Oct 8, 2020risk 0.03cvss —epss 0.03
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
- CVE-2025-63611Jan 8, 2026risk 0.00cvss —epss 0.00
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=). When an administrator…
- CVE-2025-28129Oct 6, 2025risk 0.00cvss —epss 0.00
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
- CVE-2025-45953Apr 28, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
- CVE-2023-34647Jun 28, 2023risk 0.00cvss —epss 0.00
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
- CVE-2023-34652Jun 28, 2023risk 0.00cvss —epss 0.00
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
- CVE-2020-5510Jan 8, 2020risk 0.00cvss —epss 0.02
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.