Filtered by vendor Phpgurukul
Subscribe
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5232 | 1 Phpgurukul | 1 Student Study Center Management System | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0. This issue affects some unknown processing of the file /admin/report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5231 | 1 Phpgurukul | 1 Company Visitor Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Company Visitor Management System 1.0. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5230 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/bwdates-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5227 | 1 Phpgurukul | 1 Small Crm | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5226 | 1 Phpgurukul | 1 Small Crm | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5216 | 1 Phpgurukul | 1 Student Record System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5212 | 1 Phpgurukul | 1 Employee Record Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file /admin/editempexp.php. The manipulation of the argument emp1name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5211 | 1 Phpgurukul | 1 Employee Record Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This issue affects some unknown processing of the file /myprofile.php. The manipulation of the argument EmpCode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5210 | 1 Phpgurukul | 1 Employee Record Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /loginerms.php. The manipulation of the argument Email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5079 | 2 Campcodes, Phpgurukul | 2 Online Shopping Portal, Online Shopping Portal | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | |||||
| CVE-2025-5078 | 2 Campcodes, Phpgurukul | 2 Online Shopping Portal, Online Shopping Portal | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2025-57576 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-06-17 | N/A | 5.4 MEDIUM |
| PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. | |||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 8.8 HIGH |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | |||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 7.2 HIGH |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | |||||
| CVE-2025-57149 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. | |||||
| CVE-2025-57148 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-06-17 | N/A | 9.1 CRITICAL |
| phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. | |||||
| CVE-2025-57147 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 7.5 HIGH |
| A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php. | |||||
| CVE-2025-57146 | 1 Phpgurukul | 1 Complaint Management System | 2026-06-17 | N/A | 8.1 HIGH |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. | |||||
| CVE-2025-57145 | 1 Phpgurukul | 1 Auto Taxi Stand Management System | 2026-06-17 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser. | |||||
| CVE-2025-57119 | 1 Phpgurukul | 1 Online Library Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function | |||||