Phpgurukul

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0

CVE-2023-6297 6.1 - Medium - November 26, 2023

A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.

XSS

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page

CVE-2023-47446 5.4 - Medium - November 15, 2023

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.

XSS

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection

CVE-2023-47445 9.8 - Critical - November 15, 2023

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.

SQL Injection

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0

CVE-2023-46026 4.8 - Medium - November 14, 2023

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.

XSS

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0

CVE-2023-46025 4.9 - Medium - November 14, 2023

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.

SQL Injection

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0

CVE-2023-46024 7.5 - High - November 14, 2023

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

SQL Injection

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0

CVE-2023-6076 7.5 - High - November 10, 2023

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0

CVE-2023-6075 6.1 - Medium - November 10, 2023

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0

CVE-2023-6074 9.8 - Critical - November 10, 2023

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.

SQL Injection

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical

CVE-2023-5804 9.8 - Critical - October 26, 2023

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0

CVE-2023-5794 9.8 - Critical - October 26, 2023

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.

SQL Injection

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0

CVE-2023-46584 9.8 - Critical - October 25, 2023

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.

SQL Injection

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0

CVE-2023-46583 6.1 - Medium - October 25, 2023

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.

XSS

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0

CVE-2023-5303 6.1 - Medium - September 30, 2023

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.

XSS

A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0

CVE-2023-41614 4.8 - Medium - September 21, 2023

A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.

XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1

CVE-2023-41593 5.4 - Medium - September 11, 2023

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.

XSS

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2

CVE-2023-41575 5.4 - Medium - September 08, 2023

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.

XSS

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function

CVE-2023-41594 7.5 - High - September 08, 2023

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

SQL Injection

Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page

CVE-2023-41615 9.8 - Critical - September 08, 2023

Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.

SQL Injection

Online Shopping Portal Project 3.1

CVE-2023-38890 8.8 - High - August 18, 2023

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.

SQL Injection

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

CVE-2023-37690 4.8 - Medium - August 08, 2023

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

XSS

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

CVE-2023-37689 4.8 - Medium - August 08, 2023

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

XSS

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.

CVE-2023-37688 4.8 - Medium - August 08, 2023

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.

XSS

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.

CVE-2023-37687 7.2 - High - August 08, 2023

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.

SQL Injection

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

CVE-2023-37686 4.8 - Medium - August 08, 2023

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

XSS

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.

CVE-2023-37685 4.8 - Medium - August 08, 2023

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.

XSS

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.

CVE-2023-37684 4.8 - Medium - August 08, 2023

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.

XSS

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.

CVE-2023-37683 4.8 - Medium - August 08, 2023

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.

XSS

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection

CVE-2023-39551 9.8 - Critical - August 04, 2023

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.

SQL Injection

Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability

CVE-2023-37772 8.8 - High - August 01, 2023

Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.

SQL Injection

Art Gallery Management System v1.0 contains a SQL injection vulnerability

CVE-2023-37771 9.8 - Critical - July 31, 2023

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.

SQL Injection

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2

CVE-2023-36942 6.1 - Medium - July 27, 2023

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.

XSS

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2

CVE-2023-36941 6.1 - Medium - July 27, 2023

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.

XSS

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0

CVE-2023-37746 6.1 - Medium - July 13, 2023

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.

XSS

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0

CVE-2023-37745 6.1 - Medium - July 13, 2023

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

XSS

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability

CVE-2023-37744 6.1 - Medium - July 13, 2023

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.

XSS

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0

CVE-2023-3605 9.1 - Critical - July 10, 2023

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.

Improper Restriction of Excessive Authentication Attempts

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2

CVE-2023-36940 4.8 - Medium - July 10, 2023

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.

XSS

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1

CVE-2023-36939 6.1 - Medium - July 10, 2023

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.

XSS

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0

CVE-2023-36936 6.1 - Medium - July 10, 2023

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.

XSS

Cross Site Scripting vulnerability in Hostel Management System v2.1

CVE-2023-36375 5.4 - Medium - July 10, 2023

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.

XSS

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1

CVE-2023-36376 4.8 - Medium - July 10, 2023

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.

XSS

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

CVE-2023-34647 6.1 - Medium - June 28, 2023

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

XSS

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2023-34652 6.1 - Medium - June 28, 2023

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

XSS

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

CVE-2023-33580 4.8 - Medium - June 26, 2023

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.

XSS

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0

CVE-2023-34666 6.1 - Medium - June 15, 2023

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

XSS

Old Age Home Management 1.0 is vulnerable to SQL Injection

CVE-2023-33338 9.8 - Critical - May 23, 2023

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.

SQL Injection

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0

CVE-2023-31498 9.8 - Critical - May 11, 2023

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.

Session Fixation

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0

CVE-2023-1964 9.1 - Critical - April 09, 2023

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360.

SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0

CVE-2023-1963 9.8 - Critical - April 09, 2023

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359.

SQL Injection

A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical

CVE-2023-1950 9.8 - Critical - April 08, 2023

A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.

SQL Injection

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0

CVE-2023-1949 9.8 - Critical - April 08, 2023

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336.

SQL Injection

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0

CVE-2023-1948 6.1 - Medium - April 08, 2023

A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.

XSS

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0

CVE-2023-1909 6.5 - Medium - April 07, 2023

A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.

SQL Injection

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection

CVE-2023-26959 9.8 - Critical - March 27, 2023

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.

SQL Injection

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2023-26958 4.8 - Medium - March 27, 2023

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.

XSS

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2023-27074 9.8 - Critical - March 14, 2023

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.

SQL Injection

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0

CVE-2023-0563 4.8 - Medium - January 28, 2023

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.

XSS

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0

CVE-2023-0562 9.8 - Critical - January 28, 2023

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.

SQL Injection

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-46128 6.1 - Medium - January 26, 2023

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.

XSS

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0

CVE-2022-45730 6.1 - Medium - January 26, 2023

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

XSS

A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0

CVE-2022-47102 5.4 - Medium - January 12, 2023

A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

XSS

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0

CVE-2022-45729 6.1 - Medium - January 12, 2023

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.

XSS

Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

CVE-2022-45728 6.1 - Medium - January 12, 2023

Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

XSS

AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability

CVE-2022-43369 6.1 - Medium - December 06, 2022

AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.

XSS

Phpgurukul Blood Donor Management System 1.0

CVE-2022-40470 4.8 - Medium - November 21, 2022

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.

XSS

Employee Record Management System v 1.2 is vulnerable to SQL Injection

CVE-2021-37782 9.8 - Critical - October 28, 2022

Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.

SQL Injection

Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS)

CVE-2021-37781 5.4 - Medium - October 28, 2022

Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.

XSS

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2021-35388 5.4 - Medium - October 28, 2022

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

XSS

Hospital Management System v 4.0 is vulnerable to SQL Injection

CVE-2021-35387 8.8 - High - October 28, 2022

Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

SQL Injection

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-42206 5.4 - Medium - October 21, 2022

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.

XSS

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-42205 5.4 - Medium - October 21, 2022

PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.

XSS

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection

CVE-2022-40943 9.8 - Critical - September 30, 2022

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.

SQL Injection

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability

CVE-2022-35156 9.8 - Critical - September 30, 2022

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php..

SQL Injection

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability

CVE-2022-35155 6.1 - Medium - September 30, 2022

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.

XSS

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection

CVE-2022-40944 9.8 - Critical - September 30, 2022

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.

SQL Injection

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.

CVE-2022-40925 7.2 - High - September 26, 2022

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.

Unrestricted File Upload

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.

CVE-2022-40924 7.2 - High - September 26, 2022

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.

Unrestricted File Upload

In Zoo Management System v1.0

CVE-2022-40932 7.2 - High - September 22, 2022

In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.

Unrestricted File Upload

Multiple SQL injections detected in Bus Pass Management System 1.0

CVE-2022-36198 9.8 - Critical - August 22, 2022

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

SQL Injection

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0

CVE-2020-23466 5.4 - Medium - August 19, 2022

Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.

XSS

A vulnerability was found in SourceCodester Zoo Management System

CVE-2022-2804 9.8 - Critical - August 12, 2022

A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.

Unrestricted File Upload

A vulnerability was found in SourceCodester Zoo Management System and classified as critical

CVE-2022-2803 9.8 - Critical - August 12, 2022

A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability.

SQL Injection

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0

CVE-2022-33075 5.4 - Medium - July 05, 2022

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.

XSS

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-31897 6.1 - Medium - June 29, 2022

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

XSS

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2022-31384 9.8 - Critical - June 16, 2022

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

SQL Injection

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2022-31383 9.8 - Critical - June 16, 2022

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.

SQL Injection

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability

CVE-2022-31382 9.8 - Critical - June 16, 2022

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.

SQL Injection

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS)

CVE-2022-31914 5.4 - Medium - June 16, 2022

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

XSS

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).

CVE-2022-30930 4.3 - Medium - June 14, 2022

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).

Session Riding

A vulnerability classified as problematic has been found in Zoo Management System 1.0

CVE-2021-4232 6.1 - Medium - May 26, 2022

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely.

XSS

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2

CVE-2022-29005 6.1 - Medium - May 23, 2022

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

XSS

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability

CVE-2022-29004 6.1 - Medium - May 23, 2022

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

XSS

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0

CVE-2022-1816 5.4 - Medium - May 23, 2022

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

XSS

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0

CVE-2022-28992 8.8 - High - May 20, 2022

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.

Session Riding

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0

CVE-2022-29006 9.8 - Critical - May 11, 2022

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.

SQL Injection

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0

CVE-2022-29009 9.8 - Critical - May 11, 2022

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

SQL Injection

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0

CVE-2022-29007 9.8 - Critical - May 11, 2022

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.

SQL Injection

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0

CVE-2022-29008 6.5 - Medium - May 11, 2022

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

Insecure Direct Object Reference / IDOR

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals

CVE-2022-27992 8.8 - High - April 08, 2022

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.

SQL Injection