PHPGurukul Tourism Management System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHPGurukul Tourism Management System.
By the Year
In 2026 there have been 0 vulnerabilities in PHPGurukul Tourism Management System. Last year, in 2025 Tourism Management System had 1 security vulnerability published. Right now, Tourism Management System is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.30 |
| 2024 | 4 | 6.77 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 4.30 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.80 |
It may take a day or so for new Tourism Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHPGurukul Tourism Management System Security Vulnerabilities
SQLi via uid in /admin/user-bookings.php of PHPGurukul Tourism Mgmt 1.0
CVE-2025-13247
7.3 - High
- November 16, 2025
A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
SQL Injection
Reflected XSS in Phpgurukul Tourism v2.0 via uname
CVE-2024-41333
6.1 - Medium
- August 06, 2024
A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter.
XSS
PHPgurukul TMS v2.0: Unrestricted File Upload via change-image.php
CVE-2024-32256
8.1 - High
- April 16, 2024
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
Unrestricted File Upload
Unrestricted File Upload in Phpgurukul Tourism Mgmt Sys v2.0
CVE-2024-32254
- April 16, 2024
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image.
PHPGurukul Tour Mgmt Sys 1.0 XSS via Full Name arg
CVE-2024-1822
6.1 - Medium
- February 23, 2024
A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.
XSS
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
CVE-2022-30930
4.3 - Medium
- June 14, 2022
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
Session Riding
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0
CVE-2020-28136
8.8 - High
- November 17, 2020
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
Unrestricted File Upload
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHPGurukul Tourism Management System or by PHPGurukul? Click the Watch button to subscribe.
