PHPGurukul Hostel Management System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHPGurukul Hostel Management System.
By the Year
In 2026 there have been 0 vulnerabilities in PHPGurukul Hostel Management System. Last year, in 2025 Hostel Management System had 6 security vulnerabilities published. Right now, Hostel Management System is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 6 | 7.66 |
| 2024 | 0 | 0.00 |
| 2023 | 5 | 5.78 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 2 | 5.40 |
It may take a day or so for new Hostel Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHPGurukul Hostel Management System Security Vulnerabilities
XSS in PHPGurukul 2.1 register-complaint.php via cdetails
CVE-2025-13577
3.5 - Low
- November 24, 2025
A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing a manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
XSS
Phpgurukul Hostel Mgmt Sys 2.1 Clickjacking Vulnerability
CVE-2025-28129
5.4 - Medium
- October 06, 2025
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
Clickjacking
SQLi in PHPGurukul HMS 1.0 via /includes/login-hm.inc.php Username – Critical
CVE-2025-6155
9.8 - Critical
- June 17, 2025
A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Hostel Mgmt 1.0 Remote SQLi via /includes/login.inc.php
CVE-2025-6154
9.8 - Critical
- June 17, 2025
A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul Hostel Mgr Sys 1.0: admins/students.php SQLi via search_box
CVE-2025-6153
9.8 - Critical
- June 17, 2025
A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Session Hijacking in PHPGurukul Hostel Mgmt System 2.1 Change Password
CVE-2025-45953
- April 28, 2025
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
XSS via Search Booking Field in Hostel Management Sys v2.1
CVE-2023-36939
6.1 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.
XSS
CWE-79 XSS in Hostel Management System v2.1 Book Hostel page
CVE-2023-36375
- July 10, 2023
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
Hostel Management Sys v2.1 XSS via Add Course Field
CVE-2023-36376
4.8 - Medium
- July 10, 2023
Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.
XSS
XSS in PHPgurukl Hostel Mgmt Sys v1.0
CVE-2023-34647
6.1 - Medium
- June 28, 2023
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
XSS
PHPgurukl Hostel Management System v1.0 XSS via Add New Course
CVE-2023-34652
6.1 - Medium
- June 28, 2023
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
XSS
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1
CVE-2021-43137
8.8 - High
- December 01, 2021
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
Session Riding
PHPGurukul hostel-management-system 2.1
CVE-2020-25270
5.4 - Medium
- October 08, 2020
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
XSS
PHPGurukul Hostel Management System v2.0
CVE-2020-5510
- January 08, 2020
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHPGurukul Hostel Management System or by PHPGurukul? Click the Watch button to subscribe.
