Vendor CVEs
Phpgurukul
All CVEs
1,148 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-39411 | 0.00 | — | 0.01 | Nov 5, 2021 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in… |
| CVE-2021-37808 | 0.00 | — | 0.02 | Oct 27, 2021 | SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which means it is vulnerable to MySQL Blind… |
| CVE-2021-37807 | 0.00 | — | 0.01 | Oct 27, 2021 | An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email already exists within the database. |
| CVE-2021-37806 | 0.00 | — | 0.02 | Oct 27, 2021 | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used… |
| CVE-2021-37805 | 0.00 | — | 0.01 | Oct 27, 2021 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Parking Management System affected version 1.0 via the add-vehicle.php endpoint. |
| CVE-2020-24932 | 0.00 | — | 0.02 | Oct 27, 2021 | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. |
| CVE-2020-23051 | 0.00 | — | 0.01 | Oct 22, 2021 | Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. |
| CVE-2021-42224 | 0.00 | — | 0.02 | Oct 13, 2021 | SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. |
| CVE-2021-38833 | 0.00 | — | 0.02 | Sep 13, 2021 | SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE. |
| CVE-2021-28000 | 0.00 | — | 0.01 | Aug 19, 2021 | A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. |
| CVE-2021-26764 | 0.00 | — | 0.02 | Jul 22, 2021 | SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. |
| CVE-2021-26762 | 0.00 | — | 0.02 | Jul 22, 2021 | SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. |
| CVE-2021-26765 | 0.00 | — | 0.03 | Jul 22, 2021 | SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. |
| CVE-2020-35427 | 0.00 | — | 0.03 | Jul 20, 2021 | SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
| CVE-2021-28424 | 0.00 | — | 0.01 | Jul 1, 2021 | A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. |
| CVE-2021-28423 | 0.00 | — | 0.02 | Jul 1, 2021 | Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in… |
| CVE-2020-22176 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. |
| CVE-2020-22170 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22164 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22166 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22167 | 0.00 | — | 0.01 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. |
| CVE-2020-22168 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22169 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22171 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22172 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22173 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22174 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2020-22175 | 0.00 | — | 0.02 | Jun 22, 2021 | PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
| CVE-2021-27545 | 0.00 | — | 0.02 | Apr 15, 2021 | SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. |
| CVE-2021-27544 | 0.00 | — | 0.01 | Apr 15, 2021 | Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. |
| CVE-2021-26809 | 0.00 | — | 0.02 | Feb 17, 2021 | PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. |
| CVE-2021-26303 | 0.00 | — | 0.01 | Jan 29, 2021 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. |
| CVE-2021-26304 | 0.00 | — | 0.01 | Jan 29, 2021 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. |
| CVE-2020-35745 | 0.00 | — | 0.02 | Jan 7, 2021 | PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. |
| CVE-2020-26766 | 0.00 | — | 0.01 | Dec 26, 2020 | A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. |
| CVE-2020-24723 | 0.00 | — | 0.01 | Nov 18, 2020 | Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. |
| CVE-2020-28136 | 0.00 | — | 0.03 | Nov 17, 2020 | An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. |
| CVE-2020-25952 | 0.00 | — | 0.04 | Nov 16, 2020 | SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
| CVE-2020-25271 | 0.00 | — | 0.01 | Oct 8, 2020 | PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. |
| CVE-2020-25487 | 0.00 | — | 0.01 | Sep 22, 2020 | PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. |
| CVE-2020-23828 | 0.00 | — | 0.04 | Sep 15, 2020 | A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses… |
| CVE-2020-23936 | 0.00 | — | 0.01 | Aug 20, 2020 | PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". |
| CVE-2020-10107 | 0.00 | — | 0.01 | Mar 5, 2020 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. |
| CVE-2020-10106 | 0.00 | — | 0.01 | Mar 5, 2020 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt. |
| CVE-2020-5193 | 0.00 | — | 0.01 | Jan 14, 2020 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter. |
| CVE-2020-5308 | 0.00 | — | 0.01 | Jan 9, 2020 | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. |
| CVE-2020-5511 | 0.00 | — | 0.02 | Jan 8, 2020 | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. |
| CVE-2020-5510 | 0.00 | — | 0.02 | Jan 8, 2020 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. |