Filtered by vendor Phpgurukul
Subscribe
Total
968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57145 | 1 Phpgurukul | 1 Auto Taxi Stand Management System | 2025-10-08 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser. | |||||
| CVE-2025-61096 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-10-07 | N/A | 6.5 MEDIUM |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. | |||||
| CVE-2025-11330 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-28016 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-10-07 | N/A | 4.8 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters. | |||||
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11112 | 1 Phpgurukul | 1 Employee Record Management System | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10459 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-02 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2023-6648 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-10-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4026 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-09-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument adminname/mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4358 | 1 Phpgurukul | 1 Company Visitor Management System | 2025-09-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname/mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13080 | 1 Phpgurukul | 1 Land Record System | 2025-09-30 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4332 | 1 Phpgurukul | 1 Company Visitor Management System | 2025-09-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3088 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability. | |||||
| CVE-2025-5078 | 2 Campcodes, Phpgurukul | 2 Online Shopping Portal, Online Shopping Portal | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2025-5079 | 2 Campcodes, Phpgurukul | 2 Online Shopping Portal, Online Shopping Portal | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | |||||
| CVE-2025-7559 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-09-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3231 | 1 Phpgurukul | 1 Zoo Management System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3767 | 1 Phpgurukul | 1 News Portal Project | 2025-09-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4191 | 1 Phpgurukul | 1 Employee Record Management System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-7522 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||