Filtered by vendor Phpgurukul
Subscribe
Search
Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2023-33338 | 1 Phpgurukul | 1 Old Age Home Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | |||||
| CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | |||||
| CVE-2020-23466 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | |||||
| CVE-2020-26052 | 1 Phpgurukul | 1 Online Marriage Registration System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters. | |||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
| CVE-2021-26822 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | |||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | |||||
| CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | |||||
| CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
| CVE-2022-35156 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | |||||
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||
| CVE-2022-36198 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | |||||
| CVE-2022-29008 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | |||||
| CVE-2021-42223 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | |||||
| CVE-2022-45730 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function. | |||||
| CVE-2022-45729 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | |||||
| CVE-2022-46128 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2022-45728 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-33075 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. | |||||
| CVE-2022-27992 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 6.5 MEDIUM | 8.8 HIGH |
| Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | |||||
| CVE-2022-2803 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206249 was assigned to this vulnerability. | |||||
| CVE-2023-41614 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. | |||||
| CVE-2022-27351 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-4232 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely. | |||||
| CVE-2022-31897 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. | |||||
| CVE-2022-31914 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | |||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | |||||
| CVE-2022-40925 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | |||||
| CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | |||||
| CVE-2022-40932 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 7.2 HIGH |
| In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. | |||||
| CVE-2022-1816 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. | |||||
| CVE-2022-2804 | 1 Phpgurukul | 1 Zoo Management System | 2023-11-14 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-29005 | 1 Phpgurukul | 1 Online Birth Certificate System | 2023-11-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | |||||
| CVE-2021-37808 | 1 Phpgurukul | 1 News Portal | 2023-11-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | |||||
| CVE-2021-33470 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | |||||
| CVE-2021-33469 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2023-11-14 | 3.5 LOW | 4.8 MEDIUM |
| COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. | |||||
| CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | |||||
| CVE-2021-27822 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2023-11-14 | 3.5 LOW | 4.8 MEDIUM |
| A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. | |||||
| CVE-2021-37806 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2023-11-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | |||||
| CVE-2020-23936 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | |||||
| CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | |||||
| CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | |||||
| CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | N/A | 8.8 HIGH |
| Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | |||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2023-11-14 | N/A | 8.8 HIGH |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | |||||
| CVE-2023-41575 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2023-11-14 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | |||||
| CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | 10.0 HIGH | 9.8 CRITICAL |
| PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | |||||
| CVE-2023-34647 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | N/A | 6.1 MEDIUM |
| PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2020-25270 | 1 Phpgurukul | 1 Hostel Management System | 2023-11-14 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | |||||