Anujk305
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Anujk305 product.
RSS Feeds for Anujk305 security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Anujk305 products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Anujk305 Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Anujk305. Last year, in 2025 Anujk305 had 25 security vulnerabilities published. Right now, Anujk305 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 25 | 7.80 |
| 2024 | 4 | 5.60 |
| 2023 | 2 | 6.10 |
It may take a day or so for new Anujk305 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Anujk305 Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-50367 | Jun 27, 2025 |
Blind XSS in mcgs/contact.php of Phpgurukul Medical Card Generation System 1.0A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript. |
Medical Card Generation System
|
| CVE-2025-50369 | Jun 27, 2025 |
CSRF in PHPGurukul Medical Card Gen Sys 1.0 – /mcgs/admin/manage-card.phpA Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. |
Medical Card Generation System
|
| CVE-2025-50370 | Jun 27, 2025 |
CSRF: Authenticated DELETE via GET in Phpgurukul MCGS 1.0 readenq.phpA Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. |
Medical Card Generation System
|
| CVE-2025-6613 | Jun 25, 2025 |
PHPGurukul HMS 4.0 XSS via Name arg in /doctor/manage-patient.phpA vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
Hospital Management System
|
| CVE-2025-6570 | Jun 24, 2025 |
CVE-2025-6570: Critical SQL Injection in PHPGurukul HMD 4.0 /doctor/search.phpA vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
Hospital Management System
|
| CVE-2025-6301 | Jun 20, 2025 |
PHPGurukul Notice Board 1.0 – XSS via Add Notice ArgA vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
Notice Board System
|
| CVE-2025-6288 | Jun 20, 2025 |
XSS in PHPGurukul Bus Pass Mgmt Sys 1.0 Profile Page (admin-profile.php)A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely. |
Bus Pass Management System
|
| CVE-2025-5913 | Jun 10, 2025 |
PHPGurukul VRS 1.0: SQLi via /admin/search-vehicle.php (critical)A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
Vehicle Record Management System
|
| CVE-2025-5707 | Jun 06, 2025 |
SQL Injection in PHPGurukul HMM Testing 1.0 via /registered-user-testing.phpA vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. |
Human Metapneumovirus Hmpv Testing Management System
|
| CVE-2025-5706 | Jun 06, 2025 |
SQLi in PHPGurukul Human Metapneumovirus Testing Sys 1.0 via /new-user-testing.phpA vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. |
Human Metapneumovirus Hmpv Testing Management System
|
| CVE-2025-5694 | Jun 05, 2025 |
SQLi in PHPGurukul HMM Mngmnt 1.0 /search-report-result.php via serachdataA vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
Human Metapneumovirus Hmpv Testing Management System
|
| CVE-2025-5693 | Jun 05, 2025 |
Critical SQLi in PHPGurukul HMMTS 1.0 via bwdates-report-result.phpA vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
Human Metapneumovirus Hmpv Testing Management System
|
| CVE-2025-5584 | Jun 04, 2025 |
CVE-2025-5584: XSS in PHPGurukul HMs 4.0 via POST patnameA vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
Hospital Management System
|
| CVE-2024-51107 | May 23, 2025 |
XSS in PHPGURUKUL Card Gen 1.0 – /mcgs/admin/contactus.php via paramsMultiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. |
Medical Card Generation System
|
| CVE-2024-51108 | May 23, 2025 |
XSS in PHPGURUKUL Medical Card Gen System v1.0 /admin/card-bwdates-report.phpMultiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. |
Medical Card Generation System
|
| CVE-2024-51106 | May 19, 2025 |
XSS in PHPGURUKUL Med Card Gen System v1.0 admin/aboutus.phpA cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter. |
Medical Card Generation System
|
| CVE-2025-4736 | May 16, 2025 |
Critical SQLi in PHPGurukul Daily Expense Tracker 1.1 register.phpA vulnerability was found in PHPGurukul Daily Expense Tracker 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
Daily Expense Tracker
|
| CVE-2025-44181 | May 15, 2025 |
Phpgurukul Vehicle Record Management System v1.0 XSS via /admin/add-brand.phpPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter. |
Vehicle Record Management System
|
| CVE-2025-44180 | May 15, 2025 |
Phpgurukul Vehicle Record Management v1.0 XSS in /edit-brand.phpPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}. |
Vehicle Record Management System
|
| CVE-2025-44182 | May 15, 2025 |
Phpgurukul v1.0 Vehicle Record Management System – XSS via /admin/edit-vehicle.phpPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code. |
Vehicle Record Management System
|
| CVE-2025-44183 | May 15, 2025 |
XSS in Phpgurukul Vehicle Record Management System v1.0 admin/profile.phpPhpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters. |
Vehicle Record Management System
|
| CVE-2025-4266 | May 05, 2025 |
PHPGurukul Notice Board System 1.0 SQLi in bwdates-reports-details.phpA vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php?vid=2. The manipulation of the argument fromdate/tomdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
Notice Board System
|
| CVE-2025-4060 | Apr 29, 2025 |
PHPGurukul Notice Board System 1.0 Remote SQLi via category.php (catname)A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
Notice Board System
|
| CVE-2025-29640 | Mar 21, 2025 |
SQL Injection in Testing Management System v1.0 /patient-report.php (searchdata)Phpgurukul Human Metapneumovirus (HMPV) Testing Management System v1.0 is vulnerable to SQL Injection in /patient-report.php via the parameter searchdata.. |
Human Metapneumovirus Hmpv Testing Management System
|
| CVE-2025-29641 | Mar 21, 2025 |
SQL Injection in Phpgurukul Vehicle Record Mgmt System v1.0 via searchinputdataPhpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL Injection in /index.php via the 'searchinputdata' parameter. |
Vehicle Record Management System
|
| CVE-2024-48703 | Dec 06, 2024 |
PhpGurukul Medical Card Generation System: Cross-Site Scripting (XSS) Vulnerability in search-medicaPhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. |
Medical Card Generation System
|
| CVE-2024-10297 | Oct 23, 2024 |
PHPGurukul MedicCardGen 1.0: /admin/changeimage.php SQLi via editidA vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
Medical Card Generation System
|
| CVE-2024-44798 | Sep 13, 2024 |
XSS in Bus Pass Mgmt Sys 1.0 via fromdate/toDate paramsphpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. |
Bus Pass Management System
|
| CVE-2024-29390 | Jun 20, 2024 |
Daily Expenses Management System 1.0: time-based blind SQLi in add-expense.phpDaily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done by injecting specially crafted SQL queries that make the database perform time-consuming operations, thereby confirming the presence of the SQL injection vulnerability based on the delay in the server's response. |
Daily Expenses Management System
|
| CVE-2023-5305 | Sep 30, 2023 |
Remote XSS in Online Banquet Booking System 1.0 Contact Us mail.phpA vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. |
Online Banquet Booking System
|
| CVE-2023-5304 | Sep 30, 2023 |
Remote XSS in /book-services.php of Online Banquet Booking System 1.0A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. |
Online Banquet Booking System
|