VYPR

Vendor CVEs

Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2024-55232Dec 18, 2024
    risk 0.00cvss epss 0.00

    An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's…

  • CVE-2024-55231Dec 18, 2024
    risk 0.00cvss epss 0.00

    An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter…

  • CVE-2024-55059Dec 17, 2024
    risk 0.00cvss epss 0.00

    A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.

  • CVE-2024-55057Dec 17, 2024
    risk 0.00cvss epss 0.00

    Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.

  • CVE-2024-55058Dec 17, 2024
    risk 0.00cvss epss 0.00

    An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the…

  • CVE-2024-55056Dec 17, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.

  • CVE-2024-55496Dec 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection.

  • CVE-2024-55100Dec 16, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.

  • CVE-2024-55103Dec 16, 2024
    risk 0.00cvss epss 0.01

    Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.

  • CVE-2024-55104Dec 16, 2024
    risk 0.00cvss epss 0.01

    Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.

  • CVE-2024-54842Dec 12, 2024
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.

  • CVE-2024-54811Dec 12, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.

  • CVE-2024-54810Dec 12, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.

  • CVE-2024-53481Dec 10, 2024
    risk 0.00cvss epss 0.01

    A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.

  • CVE-2024-53480Dec 10, 2024
    risk 0.00cvss epss 0.01

    Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.

  • CVE-2024-55268Dec 6, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.

  • CVE-2024-48703Dec 6, 2024
    risk 0.00cvss epss 0.00

    PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.

  • CVE-2024-12234Dec 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to…

  • CVE-2024-12230Dec 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack…

  • CVE-2024-12229Dec 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be…

  • CVE-2024-12228Dec 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely.…

  • CVE-2024-53364Dec 2, 2024
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.

  • CVE-2024-11967Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack…

  • CVE-2024-11966Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-11965Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated…

  • CVE-2024-11964Nov 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2024-53604Nov 27, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.

  • CVE-2024-53635Nov 27, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.

  • CVE-2024-53603Nov 27, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.

  • CVE-2024-11818Nov 26, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the…

  • CVE-2024-11817Nov 26, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection.…

  • CVE-2024-53365Nov 26, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.

  • CVE-2024-11673Nov 25, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been…

  • CVE-2024-11649Nov 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can…

  • CVE-2024-11648Nov 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the…

  • CVE-2024-11647Nov 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection.…

  • CVE-2024-11646Nov 24, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack…

  • CVE-2024-11592Nov 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be…

  • CVE-2024-11591Nov 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument sername leads to sql injection. It is possible to initiate the…

  • CVE-2024-11590Nov 21, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads to sql injection. The…

  • CVE-2024-51208Nov 20, 2024
    risk 0.00cvss epss 0.00

    File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.

  • CVE-2024-11258Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely.…

  • CVE-2024-11257Nov 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-50843Nov 14, 2024
    risk 0.00cvss epss 0.01

    A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.

  • CVE-2024-48284Nov 14, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST…

  • CVE-2024-11101Nov 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to…

  • CVE-2024-11100Nov 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be…

  • CVE-2024-50989Nov 11, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.

  • CVE-2024-50991Nov 11, 2024
    risk 0.00cvss epss 0.00

    A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter

  • CVE-2024-51054Nov 11, 2024
    risk 0.00cvss epss 0.00

    A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.

Page 17 of 23