Vendor
Phpgurukul
Products
49
CVEs
220
Across products
220
Status
Private
Products
49- 18 CVEs
- 13 CVEs
- 10 CVEs
- 9 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- + 19 more — see CVE list below for full coverage.
Recent CVEs
220| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-56214 | Cri | 0.64 | 9.8 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |
| CVE-2025-56212 | Cri | 0.64 | 9.8 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |
| CVE-2025-57148 | Cri | 0.59 | 9.1 | 0.00 | Sep 3, 2025 | phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. | |
| CVE-2025-57151 | Hig | 0.57 | 8.8 | 0.00 | Sep 3, 2025 | phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | |
| CVE-2025-56216 | Hig | 0.55 | 8.5 | 0.00 | Aug 25, 2025 | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | |
| CVE-2025-57146 | Hig | 0.53 | 8.1 | 0.00 | Sep 3, 2025 | phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. | |
| CVE-2025-57147 | Hig | 0.49 | 7.5 | 0.00 | Sep 3, 2025 | A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php. | |
| CVE-2025-7160 | Hig | 0.48 | 7.3 | 0.03 | Jul 8, 2025 | A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-3164 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | |
| CVE-2026-3135 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-3134 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-2225 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2026 | A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | |
| CVE-2026-2161 | Hig | 0.47 | 7.3 | 0.00 | Feb 8, 2026 | A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | |
| CVE-2026-2088 | Hig | 0.47 | 7.3 | 0.00 | Feb 7, 2026 | A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-1688 | Hig | 0.47 | 7.3 | 0.00 | Jan 30, 2026 | A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2026-1160 | Hig | 0.47 | 7.3 | 0.00 | Jan 19, 2026 | A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2025-13247 | Hig | 0.47 | 7.3 | 0.00 | Nov 16, 2025 | A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2025-11507 | Hig | 0.47 | 7.3 | 0.00 | Oct 8, 2025 | A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2025-11506 | Hig | 0.47 | 7.3 | 0.00 | Oct 8, 2025 | A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2025-11505 | Hig | 0.47 | 7.3 | 0.00 | Oct 8, 2025 | A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. |