Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2023-0563 · Jan 28, 2023
    risk 0.03 · cvss · epss 0.35

    A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is…

  • CVE-2022-29004 · May 23, 2022
    risk 0.03 · cvss · epss 0.03

    Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

  • CVE-2020-22165 · Jun 22, 2021
    risk 0.03 · cvss · epss 0.06

    PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.

  • CVE-2020-25270 · Oct 8, 2020
    risk 0.03 · cvss · epss 0.03

    PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

  • CVE-2020-5191 · Jan 6, 2020
    risk 0.03 · cvss · epss 0.06

    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.

  • CVE-2024-55099 · Dec 12, 2024
    risk 0.02 · cvss · epss 0.01

    A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.

  • CVE-2024-9326 · Sep 29, 2024
    risk 0.02 · cvss · epss 0.01

    A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can…

  • CVE-2022-31984 · Jun 1, 2022
    risk 0.02 · cvss · epss 0.05

    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.

  • CVE-2024-30998 · Apr 3, 2024
    risk 0.01 · cvss · epss 0.01

    SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component.

  • CVE-2023-7173 · Dec 30, 2023
    risk 0.01 · cvss · epss 0.01

    A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the…

  • CVE-2022-31974 · Jun 1, 2022
    risk 0.01 · cvss · epss 0.05

    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.

  • CVE-2022-31980 · Jun 1, 2022
    risk 0.01 · cvss · epss 0.02

    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.

  • CVE-2022-31981 · Jun 1, 2022
    risk 0.01 · cvss · epss 0.02

    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.

  • CVE-2022-31982 · Jun 1, 2022
    risk 0.01 · cvss · epss 0.02

    Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.

  • CVE-2022-29005 · May 23, 2022
    risk 0.01 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

  • CVE-2020-28130 · Nov 17, 2020
    risk 0.01 · cvss · epss 0.06

    An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).

  • CVE-2024-51226 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter.

  • CVE-2024-51225 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the brandname parameter.

  • CVE-2024-51224 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber,…

  • CVE-2024-51222 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

  • CVE-2024-51223 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter.

  • CVE-2025-70064 · Feb 18, 2026
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after…

  • CVE-2025-70062 · Feb 18, 2026
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor…

  • CVE-2025-70063 · Feb 18, 2026
    risk 0.00 · cvss · epss 0.00

    The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user…

  • CVE-2024-55271 · Feb 17, 2026
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.

  • CVE-2024-55270 · Feb 17, 2026
    risk 0.00 · cvss · epss 0.00

    phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter.

  • CVE-2025-70899 · Jan 22, 2026
    risk 0.00 · cvss · epss 0.00

    PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

  • CVE-2025-70892 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.

  • CVE-2025-70891 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An…

  • CVE-2025-70893 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to…

  • CVE-2025-69991 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.00

    phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

  • CVE-2025-69992 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.01

    phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.

  • CVE-2025-69990 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.00

    phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.

  • CVE-2025-63611 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=). When an administrator…

  • CVE-2025-65647 · Nov 25, 2025
    risk 0.00 · cvss · epss 0.00

    Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.

  • CVE-2025-63955 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts,…

  • CVE-2024-44644 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.

  • CVE-2024-46335 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.

  • CVE-2024-44661 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.

  • CVE-2024-44664 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.

  • CVE-2024-44658 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.

  • CVE-2024-44663 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.

  • CVE-2024-44647 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.

  • CVE-2024-44657 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php.

  • CVE-2024-44659 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.

  • CVE-2024-44641 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.

  • CVE-2024-44648 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.

  • CVE-2024-44654 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.

  • CVE-2024-44660 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.

  • CVE-2024-44662 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
