Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2021-39411 · Nov 5, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in…

  • CVE-2021-37808 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters; the server response is delayed by about (N) seconds respectively, which means it is vulnerable to MySQL Blind…

  • CVE-2021-37807 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists in the database.

  • CVE-2021-37806 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.02

    An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used…

  • CVE-2021-37805 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.01

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Parking Management System version 1.0 via the add-vehicle.php endpoint.

  • CVE-2020-24932 · Oct 27, 2021
    risk 0.00 · cvss · epss 0.02

    An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.

  • CVE-2020-23051 · Oct 22, 2021
    risk 0.00 · cvss · epss 0.01

    Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.

  • CVE-2021-42224 · Oct 13, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.

  • CVE-2021-38833 · Sep 13, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.

  • CVE-2021-28000 · Aug 19, 2021
    risk 0.00 · cvss · epss 0.01

    A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields.

  • CVE-2021-26764 · Jul 22, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.

  • CVE-2021-26762 · Jul 22, 2021
    risk 0.00 · cvss · epss 0.02

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.

  • CVE-2021-26765 · Jul 22, 2021
    risk 0.00 · cvss · epss 0.03

    SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.

  • CVE-2020-35427 · Jul 20, 2021
    risk 0.00 · cvss · epss 0.03

    SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

  • CVE-2021-28424 · Jul 1, 2021
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

  • CVE-2021-28423 · Jul 1, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in…

  • CVE-2020-22176 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

  • CVE-2020-22170 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22164 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22166 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22167 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

  • CVE-2020-22168 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22169 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22171 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22172 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22173 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22174 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2020-22175 · Jun 22, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

  • CVE-2021-27545 · Apr 15, 2021
    risk 0.00 · cvss · epss 0.02

    SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.

  • CVE-2021-27544 · Apr 15, 2021
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.

  • CVE-2021-26809 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.

  • CVE-2021-26303 · Jan 29, 2021
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.

  • CVE-2021-26304 · Jan 29, 2021
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.

  • CVE-2020-35745 · Jan 7, 2021
    risk 0.00 · cvss · epss 0.02

    PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.

  • CVE-2020-26766 · Dec 26, 2020
    risk 0.00 · cvss · epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.

  • CVE-2020-24723 · Nov 18, 2020
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.

  • CVE-2020-28136 · Nov 17, 2020
    risk 0.00 · cvss · epss 0.03

    An Arbitrary File Upload vulnerability discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.

  • CVE-2020-25952 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.04

    SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

  • CVE-2020-25271 · Oct 8, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

  • CVE-2020-25487 · Sep 22, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.

  • CVE-2020-23828 · Sep 15, 2020
    risk 0.00 · cvss · epss 0.04

    A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses…

  • CVE-2020-23936 · Aug 20, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

  • CVE-2020-10107 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.

  • CVE-2020-10106 · Mar 5, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows an attacker to dump the MySQL database and to bypass the login prompt.

  • CVE-2020-5193 · Jan 14, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.

  • CVE-2020-5308 · Jan 9, 2020
    risk 0.00 · cvss · epss 0.01

    PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.

  • CVE-2020-5511 · Jan 8, 2020
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.

  • CVE-2020-5510 · Jan 8, 2020
    risk 0.00 · cvss · epss 0.02

    PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
