PHPGurukul Small Crm


By the Year

In 2026 there have been 0 vulnerabilities in PHPGurukul Small Crm. Last year, in 2025, Small Crm had 10 security vulnerabilities published. Right now, Small Crm is on track to have fewer security vulnerabilities in 2026 than it did last year.




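| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0               | 0.00          |
| 2025 | 10              | 6.71          |
| 2024 | 5               | 9.60          |
| 2023 | 1               | 9.80          |
| 2022 | 0               | 0.00          |
| 2021 | 0               | 0.00          |
| 2020 | 1               | 8.80          |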

It may take a day or so for new Small Crm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent PHPGurukul Small Crm Security Vulnerabilities

A security flaw has been discovered in PHPGurukul Small CRM 4.0
CVE-2025-15390 6.3 - Medium - December 31, 2025

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

AuthZ

SQLi in PHPGurukul Small CRM 3.0 via oldpass in change-password.php
CVE-2024-44641 6.5 - Medium - November 17, 2025

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.

SQL Injection

SQLi in PHPGurukul Small CRM 3.0 via manage-tickets.php
CVE-2024-44644 6.5 - Medium - November 17, 2025

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.

SQL Injection

PHPGurukul Small CRM 3.0 SQLi via id/adminremark in quote-details.php
CVE-2024-44648 6.5 - Medium - November 17, 2025

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.

SQL Injection

SQLi in PHPGurukul SmallCRM 4.0 /forgot-password.php
CVE-2025-11053 7.3 - High - September 27, 2025

A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

SQL Injection

PHPGurukul Small CRM 4.0 SQLi via /create-ticket.php subject param
CVE-2025-10664 7.3 - High - September 18, 2025

A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

SQL Injection

PHPGurukul Small CRM 3.0 Session Hijack via change-password.php
CVE-2025-50484 - July 28, 2025

Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.

SQLi in PHPGurukul Small CRM 3.0 /admin/manage-tickets.php via aremark
CVE-2025-5227 7.3 - High - May 27, 2025

A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

SQL Injection

PHPGurukul Small CRM 3.0 SQLi via oldpass in /admin/change-password.php
CVE-2025-5226 7.3 - High - May 27, 2025

A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

SQL Injection

PHPGurukul Small CRM 3.0 XSS via Profile.php Name Field
CVE-2024-48170 5.4 - Medium - February 10, 2025

PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name field in profile.php.

XSS

Critical SQLi in PHPGurukul Small CRM 1.0 via /admin/index.php
CVE-2024-13001 9.8 - Critical - December 29, 2024

A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul Small CRM 1.0 SQLi via /admin/quote-details.php (CVE-2024-13000)
CVE-2024-13000 9.8 - Critical - December 29, 2024

A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in PHPGurukul Small CRM 1.0 via /admin/edit-user.php id
CVE-2024-12999 9.8 - Critical - December 29, 2024

A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi Remote Vulnerability in PHPGurukul Small CRM 3.0 Registration Page
CVE-2024-3691 9.8 - Critical - April 12, 2024

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.

SQL Injection

SQLi in PHPGurukul Small CRM 3.0 ChangePwd Handler Remote RCE
CVE-2024-3690 8.8 - High - April 12, 2024

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.

SQL Injection

PHPGurukul Small CRM 3.0: SQLI on Users Login Panel
CVE-2023-50035 9.8 - Critical - December 29, 2023

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed.

SQL Injection

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass
CVE-2020-5511 8.8 - High - January 08, 2020

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.

SQL Injection
