Phpgurukul
Products by Phpgurukul Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 64 vulnerabilities in Phpgurukul with an average score of 6.9 out of ten. Last year Phpgurukul had 42 security vulnerabilities published. That is, 22 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 0.80.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 64 | 6.93 |
2022 | 42 | 7.74 |
2021 | 43 | 7.40 |
2020 | 20 | 7.91 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Phpgurukul vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Phpgurukul Security Vulnerabilities
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6297
6.1 - Medium
- November 26, 2023
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.
XSS
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page
CVE-2023-47446
5.4 - Medium
- November 15, 2023
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.
XSS
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection
CVE-2023-47445
9.8 - Critical
- November 15, 2023
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.
SQL Injection
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46026
4.8 - Medium
- November 14, 2023
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.
XSS
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46025
4.9 - Medium
- November 14, 2023
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.
SQL Injection
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46024
7.5 - High
- November 14, 2023
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
SQL Injection
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6076
7.5 - High
- November 10, 2023
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6075
6.1 - Medium
- November 10, 2023
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6074
9.8 - Critical
- November 10, 2023
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.
SQL Injection
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical
CVE-2023-5804
9.8 - Critical
- October 26, 2023
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in PHPGurukul Online Railway Catering System 1.0
CVE-2023-5794
9.8 - Critical
- October 26, 2023
A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.
SQL Injection
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0
CVE-2023-46584
9.8 - Critical
- October 25, 2023
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.
SQL Injection
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0
CVE-2023-46583
6.1 - Medium
- October 25, 2023
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) - Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.
XSS
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0
CVE-2023-5303
6.1 - Medium
- September 30, 2023
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.
XSS
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0
CVE-2023-41614
4.8 - Medium
- September 21, 2023
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1
CVE-2023-41593
5.4 - Medium
- September 11, 2023
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.
XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2
CVE-2023-41575
5.4 - Medium
- September 08, 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
XSS
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function
CVE-2023-41594
7.5 - High
- September 08, 2023
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
SQL Injection
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page
CVE-2023-41615
9.8 - Critical
- September 08, 2023
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.
SQL Injection
Online Shopping Portal Project 3.1
CVE-2023-38890
8.8 - High
- August 18, 2023
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
SQL Injection
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.
CVE-2023-37690
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.
XSS
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.
CVE-2023-37689
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.
XSS
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.
CVE-2023-37688
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.
CVE-2023-37687
7.2 - High
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.
SQL Injection
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
CVE-2023-37686
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.
CVE-2023-37685
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.
CVE-2023-37684
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.
CVE-2023-37683
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.
XSS
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection
CVE-2023-39551
9.8 - Critical
- August 04, 2023
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.
SQL Injection
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability
CVE-2023-37772
8.8 - High
- August 01, 2023
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
SQL Injection
Art Gallery Management System v1.0 contains a SQL injection vulnerability
CVE-2023-37771
9.8 - Critical
- July 31, 2023
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
SQL Injection
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2
CVE-2023-36942
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.
XSS
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2
CVE-2023-36941
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.
XSS
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0
CVE-2023-37746
6.1 - Medium
- July 13, 2023
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.
XSS
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0
CVE-2023-37745
6.1 - Medium
- July 13, 2023
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.
XSS
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2023-37744
6.1 - Medium
- July 13, 2023
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
XSS
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0
CVE-2023-3605
9.1 - Critical
- July 10, 2023
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.
Improper Restriction of Excessive Authentication Attempts
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2
CVE-2023-36940
4.8 - Medium
- July 10, 2023
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.
XSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1
CVE-2023-36939
6.1 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
XSS
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0
CVE-2023-36936
6.1 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.
XSS
Cross Site Scripting vulnerability in Hostel Management System v2.1
CVE-2023-36375
5.4 - Medium
- July 10, 2023
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
XSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1
CVE-2023-36376
4.8 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
XSS
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-34647
6.1 - Medium
- June 28, 2023
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
XSS
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34652
6.1 - Medium
- June 28, 2023
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
CVE-2023-33580
4.8 - Medium
- June 26, 2023
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
XSS
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0
CVE-2023-34666
6.1 - Medium
- June 15, 2023
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
XSS
Old Age Home Management 1.0 is vulnerable to SQL Injection
CVE-2023-33338
9.8 - Critical
- May 23, 2023
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
SQL Injection
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0
CVE-2023-31498
9.8 - Critical
- May 11, 2023
A privilege escalation issue found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
Session Fixation
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0
CVE-2023-1964
9.1 - Critical
- April 09, 2023
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360.
SQL Injection
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0
CVE-2023-1963
9.8 - Critical
- April 09, 2023
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359.
SQL Injection
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical
CVE-2023-1950
9.8 - Critical
- April 08, 2023
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0
CVE-2023-1949
9.8 - Critical
- April 08, 2023
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336.
SQL Injection
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0
CVE-2023-1948
6.1 - Medium
- April 08, 2023
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.
XSS
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0
CVE-2023-1909
6.5 - Medium
- April 07, 2023
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.
SQL Injection
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection
CVE-2023-26959
9.8 - Critical
- March 27, 2023
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.
SQL Injection
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-26958
4.8 - Medium
- March 27, 2023
Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.
XSS
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability
CVE-2023-27074
9.8 - Critical
- March 14, 2023
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.
SQL Injection
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0
CVE-2023-0563
4.8 - Medium
- January 28, 2023
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.
XSS
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0
CVE-2023-0562
9.8 - Critical
- January 28, 2023
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.
SQL Injection
phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-46128
6.1 - Medium
- January 26, 2023
phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.
XSS
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0
CVE-2022-45730
6.1 - Medium
- January 26, 2023
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.
XSS
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0
CVE-2022-47102
5.4 - Medium
- January 12, 2023
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
XSS
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0
CVE-2022-45729
6.1 - Medium
- January 12, 2023
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter.
XSS
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2022-45728
6.1 - Medium
- January 12, 2023
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
XSS
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2022-43369
6.1 - Medium
- December 06, 2022
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.
XSS
Phpgurukul Blood Donor Management System 1.0
CVE-2022-40470
4.8 - Medium
- November 21, 2022
Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.
XSS
Employee Record Management System v 1.2 is vulnerable to SQL Injection
CVE-2021-37782
9.8 - Critical
- October 28, 2022
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.
SQL Injection
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2021-37781
5.4 - Medium
- October 28, 2022
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.
XSS
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2021-35388
5.4 - Medium
- October 28, 2022
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.
XSS
Hospital Management System v 4.0 is vulnerable to SQL Injection
CVE-2021-35387
8.8 - High
- October 28, 2022
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.
SQL Injection
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-42206
5.4 - Medium
- October 21, 2022
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
XSS
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-42205
5.4 - Medium
- October 21, 2022
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
XSS
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection
CVE-2022-40943
9.8 - Critical
- September 30, 2022
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.
SQL Injection
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability
CVE-2022-35156
9.8 - Critical
- September 30, 2022
Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.
SQL Injection
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability
CVE-2022-35155
6.1 - Medium
- September 30, 2022
Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
XSS
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection
CVE-2022-40944
9.8 - Critical
- September 30, 2022
Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.
SQL Injection
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
CVE-2022-40925
7.2 - High
- September 26, 2022
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system.
Unrestricted File Upload
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
CVE-2022-40924
7.2 - High
- September 26, 2022
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
Unrestricted File Upload
In Zoo Management System v1.0
CVE-2022-40932
7.2 - High
- September 22, 2022
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.
Unrestricted File Upload
Multiple SQL injections detected in Bus Pass Management System 1.0
CVE-2022-36198
9.8 - Critical
- August 22, 2022
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php.
SQL Injection
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0
CVE-2020-23466
5.4 - Medium
- August 19, 2022
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
XSS
A vulnerability was found in SourceCodester Zoo Management System
CVE-2022-2804
9.8 - Critical
- August 12, 2022
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability.
Unrestricted File Upload
A vulnerability was found in SourceCodester Zoo Management System and classified as critical
CVE-2022-2803
9.8 - Critical
- August 12, 2022
A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability.
SQL Injection
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0
CVE-2022-33075
5.4 - Medium
- July 05, 2022
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.
XSS
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-31897
6.1 - Medium
- June 29, 2022
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
XSS
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability
CVE-2022-31384
9.8 - Critical
- June 16, 2022
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.
SQL Injection
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability
CVE-2022-31383
9.8 - Critical
- June 16, 2022
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
SQL Injection
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability
CVE-2022-31382
9.8 - Critical
- June 16, 2022
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.
SQL Injection
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-31914
5.4 - Medium
- June 16, 2022
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.
XSS
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2022-30930
4.3 - Medium
- June 14, 2022
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
Session Riding
A vulnerability classified as problematic has been found in Zoo Management System 1.0
CVE-2021-4232
6.1 - Medium
- May 26, 2022
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2
CVE-2022-29005
6.1 - Medium
- May 23, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
XSS
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2022-29004
6.1 - Medium
- May 23, 2022
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
XSS
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0
CVE-2022-1816
5.4 - Medium
- May 23, 2022
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.
XSS
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0
CVE-2022-28992
8.8 - High
- May 20, 2022
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
Session Riding
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0
CVE-2022-29006
9.8 - Critical
- May 11, 2022
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.
SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0
CVE-2022-29009
9.8 - Critical
- May 11, 2022
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.
SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0
CVE-2022-29007
9.8 - Critical
- May 11, 2022
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.
SQL Injection
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0
CVE-2022-29008
6.5 - Medium
- May 11, 2022
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
Insecure Direct Object Reference / IDOR