
Vendor CVEs

Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2023-31498 · May 11, 2023
    risk 0.00 · cvss · epss 0.02

    A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

  • CVE-2023-1964 · Apr 9, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible…

  • CVE-2023-1963 · Apr 9, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may…

  • CVE-2023-1950 · Apr 8, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument…

  • CVE-2023-1949 · Apr 8, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql…

  • CVE-2023-1948 · Apr 8, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument…

  • CVE-2023-1909 · Apr 7, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql…

  • CVE-2023-26958 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.

  • CVE-2023-26959 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.

  • CVE-2023-27074 · Mar 14, 2023
    risk 0.00 · cvss · epss 0.01

    BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.

  • CVE-2023-23155 · Feb 27, 2023
    risk 0.00 · cvss · epss 0.01

    Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login.

  • CVE-2023-23026 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.

  • CVE-2023-0641 · Feb 2, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to…

  • CVE-2022-47073 · Jan 25, 2023
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.

  • CVE-2022-45217 · Dec 7, 2022
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.

  • CVE-2022-43369 · Dec 6, 2022
    risk 0.00 · cvss · epss 0.01

    AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.

  • CVE-2022-43097 · Dec 5, 2022
    risk 0.00 · cvss · epss 0.01

    Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.

  • CVE-2022-4228 · Nov 30, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to…

  • CVE-2022-4229 · Nov 30, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has…

  • CVE-2022-41445 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page.

  • CVE-2021-37782 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.

  • CVE-2021-35387 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.01

    Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

  • CVE-2021-35388 · Oct 28, 2022
    risk 0.00 · cvss · epss 0.00

    Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

  • CVE-2022-42206 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

  • CVE-2022-42205 · Oct 21, 2022
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

  • CVE-2022-3452 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be…

  • CVE-2022-3453 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be…

  • CVE-2022-40943 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.

  • CVE-2022-35156 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.

  • CVE-2022-40944 · Sep 30, 2022
    risk 0.00 · cvss · epss 0.01

    Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.

  • CVE-2022-38265 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php.

  • CVE-2020-23466 · Aug 19, 2022
    risk 0.00 · cvss · epss 0.01

    A Cross Site Scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.

  • CVE-2022-2773 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Apartment Visitor Management System. It has been classified as problematic. This affects an unknown part of the file profile.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2022-2772 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical. Affected by this issue is some unknown functionality of the file action-visitor.php. The manipulation of the argument editid/remark leads to sql injection. The attack may…

  • CVE-2022-2684 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input…

  • CVE-2022-2677 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF)…

  • CVE-2022-34611 · Jul 27, 2022
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.

  • CVE-2017-20131 · Jul 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely.…

  • CVE-2022-2293 · Jul 12, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input…

  • CVE-2022-31384 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.02

    Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

  • CVE-2022-31415 · Jun 14, 2022
    risk 0.00 · cvss · epss 0.01

    Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.

  • CVE-2022-31973 · Jun 1, 2022
    risk 0.00 · cvss · epss 0.01

    Online Fire Reporting System v1.0 is vulnerable to deletion of any file via /ofrs/classes/Master.php?f=delete_img.

  • CVE-2022-27992 · Apr 8, 2022
    risk 0.00 · cvss · epss 0.02

    Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.

  • CVE-2022-27351 · Apr 8, 2022
    risk 0.00 · cvss · epss 0.03

    Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2020-36062 · Feb 11, 2022
    risk 0.00 · cvss · epss 0.02

    Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

  • CVE-2021-26800 · Dec 16, 2021
    risk 0.00 · cvss · epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account.

  • CVE-2021-44965 · Dec 13, 2021
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.

  • CVE-2021-44966 · Dec 13, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

  • CVE-2021-43451 · Dec 1, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.

  • CVE-2021-39412 · Nov 5, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in…
