Filtered by vendor Phpgurukul
Subscribe
Search
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7172 | 1 Phpgurukul | 1 Hospital Management System | 2024-01-08 | N/A | 7.2 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. | |||||
| CVE-2023-7053 | 1 Phpgurukul | 1 Online Notes Sharing System | 2023-12-28 | N/A | 8.8 HIGH |
| A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740. | |||||
| CVE-2023-31933 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | |||||
| CVE-2023-31936 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | |||||
| CVE-2023-31932 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | |||||
| CVE-2023-31937 | 1 Phpgurukul | 1 Rail Pass Management System | 2023-12-20 | N/A | 7.2 HIGH |
| Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | |||||
| CVE-2023-48016 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-12-06 | N/A | 7.5 HIGH |
| Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. | |||||
| CVE-2023-6402 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2023-12-06 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423. | |||||
| CVE-2023-46024 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2023-11-17 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. | |||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2023-11-16 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | |||||
| CVE-2020-5509 | 1 Phpgurukul | 1 Car Rental Portal | 2023-11-14 | 6.5 MEDIUM | 7.2 HIGH |
| PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. | |||||
| CVE-2023-37687 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2023-11-14 | N/A | 7.2 HIGH |
| Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | |||||
| CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2021-26764 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | |||||
| CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | |||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | |||||
| CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
| CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | |||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | |||||
| CVE-2022-27992 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | |||||
| CVE-2022-40925 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | |||||
| CVE-2022-40932 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. | |||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | N/A | 8.8 HIGH |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | |||||
| CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | |||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | N/A | 8.8 HIGH |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | |||||
| CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. | |||||
| CVE-2020-28136 | 1 Phpgurukul | 1 Tourism Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | |||||
| CVE-2022-24226 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | |||||
| CVE-2022-24646 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 7.8 HIGH | 7.5 HIGH |
| Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. | |||||
| CVE-2021-35387 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | N/A | 8.8 HIGH |
| Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | |||||
| CVE-2020-22172 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22171 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22168 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22166 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22165 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-35745 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | |||||
| CVE-2020-22164 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22169 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22170 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22174 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-5192 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised. | |||||
| CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | |||||
| CVE-2020-22175 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-22173 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
| CVE-2020-5511 | 1 Phpgurukul | 1 Small Crm | 2020-01-17 | 6.5 MEDIUM | 8.8 HIGH |
| PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | |||||