PHPGurukul Medical Card Generation System

Blind XSS in mcgs/contact.php of Phpgurukul Medical Card Generation System 1.0
CVE-2025-50367 - June 27, 2025

A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript.

CSRF in PHPGurukul Medical Card Gen Sys 1.0 – /mcgs/admin/manage-card.php
CVE-2025-50369 - June 27, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.

Critical SQLi in PHPGurukul Medical Card Gen System 1.0 /admin/manage-card.php
CVE-2025-5670 8.8 - High - June 05, 2025

A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi via /admin/unreadenq.php in PHPGurukul Medical Card System 1.0
CVE-2025-5669 8.8 - High - June 05, 2025

A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Critical SQLi in PHPGurukul Medical Card Gen System 1.0 (readenq.php)
CVE-2025-5668 8.8 - High - June 05, 2025

A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Reflected XSS in download-medical-cards.php of PHPGURUKUL Medical Card Gen v1.0
CVE-2024-51099 - May 23, 2025

A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.

HTML Injection in Phpgurukul Medical Card Gen v1.0 admin/contactus.php
CVE-2024-48704 - May 23, 2025

Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.

XSS in PHPGURUKUL Card Gen 1.0 – /mcgs/admin/contactus.php via params
CVE-2024-51107 4.8 - Medium - May 23, 2025

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.

XSS

XSS in PHPGURUKUL Medical Card Gen System v1.0 /admin/card-bwdates-report.php
CVE-2024-51108 5.4 - Medium - May 23, 2025

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.

XSS

XSS in PHPGURUKUL Med Card Gen System v1.0 admin/aboutus.php
CVE-2024-51106 - May 19, 2025

A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.

PHPGurukul Medical Card Gen 1.0 Remote XSS in /download-medical-cards.php
CVE-2025-2650 6.1 - Medium - March 23, 2025

A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

PhpGurukul Medical Card Generation System: Cross-Site Scripting (XSS) Vulnerability in search-medica
CVE-2024-48703 4.8 - Medium - December 06, 2024

PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.

XSS

PHPGurukul Medical Card Gen 1.0 SQLi via viewid in /admin/view-enquiry.php
CVE-2024-10300 7.2 - High - October 23, 2024

A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/view-enquiry.php of the component View Enquiry Page. The manipulation of the argument viewid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul Medical Card Gen Sys 1.0: Remote SQLi via searchdata
CVE-2024-10301 7.2 - High - October 23, 2024

A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0. Affected is an unknown function of the file /admin/search-medicalcard.php of the component Search. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in PHPGurukul Medical Card Gen 1.0 - Edit Card Detail Page
CVE-2024-10298 7.2 - High - October 23, 2024

A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/edit-card-detail.php of the component Managecard Edit Card Detail Page. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PERS 1.0 @ Managecard View Detail Page: Remote SQLi via viewid
CVE-2024-10299 7.2 - High - October 23, 2024

A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/view-card-detail.php of the component Managecard View Detail Page. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul MedicCardGen 1.0: /admin/changeimage.php SQLi via editid
CVE-2024-10297 7.2 - High - October 23, 2024

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in PHPGurukul Medical Card System 1.0 Report Page
CVE-2024-10296 7.2 - High - October 23, 2024

A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection