Medical Card Generation System
by Phpgurukul
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50367 | 0.00 | — | 0.00 | Jun 27, 2025 | A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript. | |||
| CVE-2025-50370 | 0.00 | — | 0.00 | Jun 27, 2025 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. | |||
| CVE-2025-50369 | 0.00 | — | 0.00 | Jun 27, 2025 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. | |||
| CVE-2025-5670 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||
| CVE-2025-5669 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||
| CVE-2025-5668 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||
| CVE-2024-51108 | 0.00 | — | 0.00 | May 23, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. | |||
| CVE-2024-51107 | 0.00 | — | 0.00 | May 23, 2025 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. | |||
| CVE-2024-48704 | 0.00 | — | 0.00 | May 23, 2025 | Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. | |||
| CVE-2024-51099 | 0.00 | — | 0.00 | May 23, 2025 | A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter. | |||
| CVE-2024-51106 | 0.00 | — | 0.00 | May 19, 2025 | A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. |
- CVE-2025-50367Jun 27, 2025risk 0.00cvss —epss 0.00
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript.
- CVE-2025-50370Jun 27, 2025risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request.
- CVE-2025-50369Jun 27, 2025risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.
- CVE-2025-5670Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2025-5669Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2025-5668Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- CVE-2024-51108May 23, 2025risk 0.00cvss —epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.
- CVE-2024-51107May 23, 2025risk 0.00cvss —epss 0.00
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.
- CVE-2024-48704May 23, 2025risk 0.00cvss —epss 0.00
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
- CVE-2024-51099May 23, 2025risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.
- CVE-2024-51106May 19, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.