Phpgurukul
Products by Phpgurukul Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 19 vulnerabilities in Phpgurukul with an average score of 7.6 out of ten. Last year Phpgurukul had 104 security vulnerabilities published. Right now, Phpgurukul is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.54.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 19 | 7.57 |
2023 | 104 | 7.03 |
2022 | 42 | 7.74 |
2021 | 43 | 7.40 |
2020 | 20 | 7.91 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Phpgurukul vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Phpgurukul Security Vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER
CVE-2024-24497
- February 08, 2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate is a duplicate of CVE-2024-1009. Notes: All CVE users should reference CVE-2024-1009 instead of this candidate.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER
CVE-2024-24498
- February 08, 2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1008. Reason: This candidate is a duplicate of CVE-2024-1008. Notes: All CVE users should reference CVE-2024-1008 instead of this candidate.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER
CVE-2024-24499
- February 08, 2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate is a duplicate of CVE-2024-1007. Notes: All CVE users should reference CVE-2024-1007 instead of this candidate.
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0
CVE-2024-0651
7.2 - High
- January 18, 2024
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0
CVE-2024-0652
4.8 - Medium
- January 18, 2024
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.
XSS
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0
CVE-2024-0476
4.8 - Medium
- January 13, 2024
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.
XSS
In PHPGurukul Art Gallery Management System v1.1
CVE-2023-51978
6.5 - Medium
- January 12, 2024
In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection.
SQL Injection
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical
CVE-2024-0459
7.2 - High
- January 12, 2024
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.
SQL Injection
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can
CVE-2020-26627
4.9 - Medium
- January 10, 2024
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
SQL Injection
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which
CVE-2020-26628
6.1 - Medium
- January 10, 2024
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile.
XSS
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which
CVE-2020-26629
9.8 - Critical
- January 10, 2024
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
Unrestricted File Upload
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can
CVE-2020-26630
4.9 - Medium
- January 10, 2024
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
SQL Injection
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0
CVE-2024-0361
9.8 - Critical
- January 10, 2024
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.
SQL Injection
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0
CVE-2024-0362
9.8 - Critical
- January 10, 2024
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0
CVE-2024-0363
9.8 - Critical
- January 10, 2024
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0
CVE-2024-0364
9.8 - Critical
- January 10, 2024
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.
SQL Injection
A vulnerability was found in PHPGurukul Hospital Management System 1.0
CVE-2024-0360
9.8 - Critical
- January 10, 2024
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.
SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1
CVE-2024-0355
9.8 - Critical
- January 10, 2024
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0
CVE-2024-0286
6.1 - Medium
- January 07, 2024
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.
XSS
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0
CVE-2023-7173
5.4 - Medium
- December 30, 2023
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.
XSS
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0
CVE-2023-7172
7.2 - High
- December 30, 2023
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.
SQL Injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-7099
9.8 - Critical
- December 25, 2023
A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951.
SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-7100
9.8 - Critical
- December 25, 2023
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952.
SQL Injection
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0
CVE-2023-7055
5.4 - Medium
- December 22, 2023
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.
Incorrect Permission Assignment for Critical Resource
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0
CVE-2023-7053
8.8 - High
- December 22, 2023
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.
Weak Password Requirements
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0
CVE-2023-7054
5.4 - Medium
- December 22, 2023
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.
XSS
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0
CVE-2023-7052
4.3 - Medium
- December 22, 2023
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.
Session Riding
A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic
CVE-2023-7050
5.4 - Medium
- December 21, 2023
A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.
XSS
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-48723
- December 21, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic
CVE-2023-7051
4.3 - Medium
- December 21, 2023
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.
Session Riding
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities
CVE-2023-48718
9.8 - Critical
- December 21, 2023
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities
CVE-2023-48720
9.8 - Critical
- December 21, 2023
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities
CVE-2023-48722
9.8 - Critical
- December 21, 2023
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.
SQL Injection
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-48719
- December 21, 2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0
CVE-2023-6766
3.5 - Low
- December 13, 2023
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.
Session Riding
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0
CVE-2023-6653
4.3 - Medium
- December 10, 2023
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
Session Riding
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic
CVE-2023-6649
6.1 - Medium
- December 10, 2023
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.
XSS
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6648
9.8 - Critical
- December 10, 2023
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability.
SQL Injection
A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic
CVE-2023-6474
6.5 - Medium
- December 03, 2023
A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640.
Session Riding
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6465
6.1 - Medium
- December 02, 2023
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615.
XSS
Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php
CVE-2023-48016
7.5 - High
- December 01, 2023
Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.
SQL Injection
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6442
5.4 - Medium
- November 30, 2023
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.
XSS
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6402
8.8 - High
- November 30, 2023
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.
SQL Injection
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0
CVE-2023-6297
6.1 - Medium
- November 26, 2023
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.
XSS
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page
CVE-2023-47446
5.4 - Medium
- November 15, 2023
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.
XSS
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection
CVE-2023-47445
9.8 - Critical
- November 15, 2023
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.
SQL Injection
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46026
4.8 - Medium
- November 14, 2023
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.
XSS
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46025
4.9 - Medium
- November 14, 2023
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.
SQL Injection
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0
CVE-2023-46024
7.5 - High
- November 14, 2023
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
SQL Injection
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6076
7.5 - High
- November 10, 2023
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6075
6.1 - Medium
- November 10, 2023
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.
XSS
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0
CVE-2023-6074
9.8 - Critical
- November 10, 2023
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.
SQL Injection
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical
CVE-2023-5804
9.8 - Critical
- October 26, 2023
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in PHPGurukul Online Railway Catering System 1.0
CVE-2023-5794
9.8 - Critical
- October 26, 2023
A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.
SQL Injection
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0
CVE-2023-46584
9.8 - Critical
- October 25, 2023
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.
SQL Injection
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0
CVE-2023-46583
6.1 - Medium
- October 25, 2023
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.
XSS
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0
CVE-2023-5303
6.1 - Medium
- September 30, 2023
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.
XSS
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0
CVE-2023-41614
4.8 - Medium
- September 21, 2023
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1
CVE-2023-41593
5.4 - Medium
- September 11, 2023
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.
XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2
CVE-2023-41575
5.4 - Medium
- September 08, 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.
XSS
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page
CVE-2023-41615
9.8 - Critical
- September 08, 2023
Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.
SQL Injection
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function
CVE-2023-41594
7.5 - High
- September 08, 2023
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
SQL Injection
Online Shopping Portal Project 3.1
CVE-2023-38890
8.8 - High
- August 18, 2023
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
SQL Injection
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.
CVE-2023-37690
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.
XSS
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.
CVE-2023-37689
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.
XSS
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.
CVE-2023-37688
4.8 - Medium
- August 08, 2023
Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.
CVE-2023-37687
7.2 - High
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.
SQL Injection
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
CVE-2023-37686
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.
CVE-2023-37685
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.
CVE-2023-37684
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.
XSS
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.
CVE-2023-37683
4.8 - Medium
- August 08, 2023
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.
XSS
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection
CVE-2023-39551
9.8 - Critical
- August 04, 2023
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.
SQL Injection
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability
CVE-2023-37772
8.8 - High
- August 01, 2023
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
SQL Injection
Art Gallery Management System v1.0 contains a SQL injection vulnerability
CVE-2023-37771
9.8 - Critical
- July 31, 2023
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
SQL Injection
SQL injection vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31932
7.2 - High
- July 28, 2023
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.
SQL Injection
SQL injection vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31933
7.2 - High
- July 28, 2023
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.
SQL Injection
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31934
4.8 - Medium
- July 28, 2023
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.
XSS
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31935
4.8 - Medium
- July 28, 2023
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.
XSS
SQL injection vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31936
7.2 - High
- July 28, 2023
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.
SQL Injection
SQL injection vulnerability found in Rail Pass Management System v.1.0
CVE-2023-31937
7.2 - High
- July 28, 2023
SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.
SQL Injection
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2
CVE-2023-36942
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.
XSS
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2
CVE-2023-36941
6.1 - Medium
- July 27, 2023
A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields.
XSS
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0
CVE-2023-37746
6.1 - Medium
- July 13, 2023
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.
XSS
A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0
CVE-2023-37743
6.1 - Medium
- July 13, 2023
A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.
XSS
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0
CVE-2023-37745
6.1 - Medium
- July 13, 2023
A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.
XSS
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2023-37744
6.1 - Medium
- July 13, 2023
Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.
XSS
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0
CVE-2023-3605
9.1 - Critical
- July 10, 2023
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.
Improper Restriction of Excessive Authentication Attempts
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2
CVE-2023-36940
4.8 - Medium
- July 10, 2023
Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.
XSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1
CVE-2023-36939
6.1 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
XSS
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0
CVE-2023-36936
6.1 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.
XSS
Cross Site Scripting vulnerability in Hostel Management System v2.1
CVE-2023-36375
5.4 - Medium
- July 10, 2023
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
XSS
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1
CVE-2023-36376
4.8 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
XSS
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-34647
6.1 - Medium
- June 28, 2023
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
XSS
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-34652
6.1 - Medium
- June 28, 2023
PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
CVE-2023-33580
4.8 - Medium
- June 26, 2023
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
XSS
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0
CVE-2023-34666
6.1 - Medium
- June 15, 2023
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
XSS
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0
CVE-2023-3275
9.8 - Critical
- June 15, 2023
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.
SQL Injection
Old Age Home Management 1.0 is vulnerable to SQL Injection
CVE-2023-33338
9.8 - Critical
- May 23, 2023
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
SQL Injection
A privilege escalation issue was found in PHP Gurukul Hospital Management System v.4.0
CVE-2023-31498
9.8 - Critical
- May 11, 2023
A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
Session Fixation
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0
CVE-2023-1964
9.1 - Critical
- April 09, 2023
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360.
SQL Injection