PHPGurukul User Registration Login User Management System

Reflected XSS in PHPGurukul User Reg System V3.3 (edit-profile.php)
CVE-2025-28016 4.8 - Medium - September 30, 2025

A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.

XSS

CVE-2025-8158: SQLi via ID in PHPGurukul 3.3 /admin/yesterday-reg-users.php
CVE-2025-8158 7.2 - High - July 25, 2025

A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul 3.3 SQLi in /admin/lastsevendays-reg-users.php ID
CVE-2025-8156 7.2 - High - July 25, 2025

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLI in PHPGurukul User Registration 3.3 – /admin/lastthirtyays-reg-users.php
CVE-2025-8157 7.2 - High - July 25, 2025

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul UR&LM 3.3: /admin/manage-users.php ID Parameter SQLi (Remote)
CVE-2025-7543 8.8 - High - July 13, 2025

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3. It has been classified as critical. This affects an unknown part of the file /admin/manage-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul URM 3.3 SQLi in /admin/user-profile.php (uid)
CVE-2025-7542 9.8 - Critical - July 13, 2025

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user-profile.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in PHPGurukul User Registration 3.3 /edit-profile.php
CVE-2025-4934 9.8 - Critical - May 19, 2025

A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul U&L&UMS 3.3 Session Hijacking via /loginsystem/change-password.php
CVE-2025-45949 - April 28, 2025

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.

SQLi in PHPGurukul U/R/L&UM Syst v3.3 change-password.php
CVE-2025-28011 - March 13, 2025

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.

HTML Injection in PHPGurukul UR&Lams v3.3 via edit-profile.php
CVE-2025-28015 - March 13, 2025

A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.

Critical SQLi in PHPGurukul Registration System 3.3 via login.php
CVE-2025-2050 9.8 - Critical - March 07, 2025

A vulnerability classified as critical was found in PHPGurukul User Registration & Login and User Management System 3.3. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul User Registration & Login System SQL Injection Vulnerability in Signup Email Parameter
CVE-2024-11818 9.8 - Critical - November 27, 2024

A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul User Registration & Login System SQL Injection Vulnerability
CVE-2024-11817 9.8 - Critical - November 26, 2024

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

XSS in PHPGurukul UR&L System 3.2 search-result.php
CVE-2024-48284 4.8 - Medium - November 14, 2024

A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.

XSS

PHPGurukul User Registration & Login System Directory Listing Vulnerability
CVE-2024-50843 - November 14, 2024

A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.

PHPgurukul ULM System 3.2 CSRF via /edit-profile.php
CVE-2024-48278 - October 15, 2024

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.

SQL Injection in Phpgurukul UMLS 3.2 search-result.php
CVE-2024-48283 - October 15, 2024

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.

HTML Inject /search-result.php in PHPGurukul URLS v3.2 Enables Remote Code
CVE-2024-48279 - October 15, 2024

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.

SQL Injection in PHPGurukul User Reg & Log 3.2 /search-result.php via fromdate
CVE-2024-48280 - October 15, 2024

A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.

SQL Injection in /password-recovery.php (PHPGurukul ULS 3.2)
CVE-2024-48282 - October 15, 2024

A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request.

SQLi in Phpgurukul U&L 3.1 bwdates-report-result.php
CVE-2024-28323 - March 14, 2024

The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.

CVE-2024-25202 XSS via search bar in Phpgurukul User System 1.0
CVE-2024-25202 - February 28, 2024

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.
CVE-2020-24723 4.8 - Medium - November 18, 2020

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.

XSS

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1
CVE-2020-25952 9.8 - Critical - November 16, 2020

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

SQL Injection