VYPR

Vendor CVEs

Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2024-10156Oct 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can…

  • CVE-2024-10155Oct 19, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It…

  • CVE-2024-10154Oct 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection.…

  • CVE-2024-10153Oct 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument…

  • CVE-2024-48744Oct 16, 2024
    risk 0.00cvss epss 0.00

    A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.

  • CVE-2024-48283Oct 15, 2024
    risk 0.00cvss epss 0.01

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.

  • CVE-2024-48278Oct 15, 2024
    risk 0.00cvss epss 0.00

    Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.

  • CVE-2024-48279Oct 15, 2024
    risk 0.00cvss epss 0.01

    A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.

  • CVE-2024-48280Oct 15, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.

  • CVE-2024-48282Oct 15, 2024
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP…

  • CVE-2024-9816Oct 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be…

  • CVE-2024-9815Oct 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The…

  • CVE-2024-46237Oct 9, 2024
    risk 0.00cvss epss 0.00

    PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.

  • CVE-2024-9091Sep 23, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched…

  • CVE-2024-46241Sep 23, 2024
    risk 0.00cvss epss 0.00

    PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php.

  • CVE-2024-9080Sep 22, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack…

  • CVE-2024-9079Sep 22, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2024-9078Sep 22, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2024-44798Sep 13, 2024
    risk 0.00cvss epss 0.00

    phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters.

  • CVE-2024-40484Aug 8, 2024
    risk 0.00cvss epss 0.01

    A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.

  • CVE-2024-40477Aug 8, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter.

  • CVE-2024-40481Aug 8, 2024
    risk 0.00cvss epss 0.01

    A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter.

  • CVE-2024-41333Aug 6, 2024
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.

  • CVE-2024-39090Jul 18, 2024
    risk 0.00cvss epss 0.01

    The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a…

  • CVE-2024-29390Jun 20, 2024
    risk 0.00cvss epss 0.00

    Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend…

  • CVE-2024-37798Jun 17, 2024
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.

  • CVE-2024-34987Jun 3, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the…

  • CVE-2024-35511May 28, 2024
    risk 0.00cvss epss 0.00

    phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php.

  • CVE-2024-5361May 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be…

  • CVE-2024-5360May 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can…

  • CVE-2024-5359May 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-5358May 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched…

  • CVE-2024-5357May 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be…

  • CVE-2024-5137May 20, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The…

  • CVE-2024-5136May 20, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2024-5135May 20, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated…

  • CVE-2024-5066May 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can…

  • CVE-2024-5065May 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Affected is an unknown function of the file /onlinecourse/. The manipulation of the argument regno leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2024-5064May 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been rated as critical. This issue affects some unknown processing of the file news-details.php. The manipulation of the argument nid leads to sql injection. The attack may be initiated…

  • CVE-2024-5063May 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in PHPGurukul Online Course Registration System 3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be…

  • CVE-2024-30985Apr 17, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters.

  • CVE-2024-30987Apr 17, 2024
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.

  • CVE-2024-30981Apr 17, 2024
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL.

  • CVE-2024-30983Apr 17, 2024
    risk 0.00cvss epss 0.00

    SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file.

  • CVE-2024-30988Apr 17, 2024
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.

  • CVE-2024-30982Apr 17, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file.

  • CVE-2024-30980Apr 17, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.

  • CVE-2024-30990Apr 17, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.

  • CVE-2024-30986Apr 17, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.

  • CVE-2024-30989Apr 17, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter.

Page 19 of 23