VYPR

Vendor CVEs

Phpgurukul

All CVEs

1,148 total · sorted by risk
  • CVE-2024-44660 · Nov 17, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.

  • CVE-2024-44640 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.

  • CVE-2024-44635 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.

  • CVE-2024-44632 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.

  • CVE-2024-44639 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.

  • CVE-2024-44636 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.

  • CVE-2024-44633 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.

  • CVE-2024-55016 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.

  • CVE-2024-44630 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income,…

  • CVE-2025-50363 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field.

  • CVE-2025-61255 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.00

    Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection.

  • CVE-2025-28129 · Oct 6, 2025
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.

  • CVE-2025-61096 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

  • CVE-2025-28016 · Sep 30, 2025
    risk 0.00 · cvss · epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and…

  • CVE-2025-56074 · Sep 22, 2025
    risk 0.00 · cvss · epss 0.00

    A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request.

  • CVE-2025-56075 · Sep 22, 2025
    risk 0.00 · cvss · epss 0.00

    A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request.

  • CVE-2025-57118 · Sep 15, 2025
    risk 0.00 · cvss · epss 0.01

    An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php

  • CVE-2025-56710 · Sep 15, 2025
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a…

  • CVE-2025-52074 · Sep 12, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.

  • CVE-2025-40696 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint '/ofrs/reporting.php'. This…

  • CVE-2025-40695 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint…

  • CVE-2025-40694 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of proper validation of user inputs 'fromdate' and 'todate' parameters via POST at the endpoint '/ofrs/admin/bwdates-report-result.php'.…

  • CVE-2025-40693 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of proper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname' parameters…

  • CVE-2025-40692 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'.

  • CVE-2025-40691 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'todate' parameter in the endpoint '/ofrs/admin/bwdates-report-result.php'.

  • CVE-2025-40690 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'.

  • CVE-2025-40689 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'remark', 'status' and 'requestid' parameters in the endpoint '/ofrs/admin/request-details.php'.

  • CVE-2025-40687 · Sep 11, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'mobilenumber', 'teamleadname' and 'teammember' parameters in the endpoint '/ofrs/admin/add-team.php'.

  • CVE-2025-57576 · Sep 4, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php.

  • CVE-2025-56254 · Sep 2, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.

  • CVE-2025-51044 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the "govtissuedid" parameter.

  • CVE-2025-51045 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter.

  • CVE-2025-50494 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.01

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50488 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50486 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50490 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.01

    Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50491 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.

  • CVE-2025-50484 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50489 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.01

    Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

  • CVE-2025-50485 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.00

    Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.

  • CVE-2025-50492 · Jul 28, 2025
    risk 0.00 · cvss · epss 0.01

    Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.

  • CVE-2025-7819 · Jul 19, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /create-pass.php of the component HTTP POST Request Handler. The manipulation of the argument visname leads to cross…

  • CVE-2025-50370 · Jun 27, 2025
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET…

  • CVE-2025-50367 · Jun 27, 2025
    risk 0.00 · cvss · epss 0.00

    A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript.

  • CVE-2025-50369 · Jun 27, 2025
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET…

  • CVE-2025-51672 · Jun 26, 2025
    risk 0.00 · cvss · epss 0.00

    A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST…

  • CVE-2025-50350 · Jun 26, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.

  • CVE-2025-51671 · Jun 26, 2025
    risk 0.00 · cvss · epss 0.00

    A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.

  • CVE-2025-50699 · Jun 24, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php.

  • CVE-2025-50695 · Jun 24, 2025
    risk 0.00 · cvss · epss 0.00

    PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php.

Page 8 of 23