Filtered by vendor Phpgurukul
Subscribe
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57118 | 1 Phpgurukul | 1 Online Library Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php | |||||
| CVE-2025-56710 | 1 Phpgurukul | 1 Student Result Management System | 2026-06-17 | N/A | 7.3 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php. | |||||
| CVE-2025-56254 | 1 Phpgurukul | 1 Employee Leave Management System | 2026-06-17 | N/A | 4.3 MEDIUM |
| PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users. | |||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2026-06-17 | N/A | 8.5 HIGH |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | |||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | |||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |||||
| CVE-2025-56075 | 1 Phpgurukul | 1 Park Ticketing Management System | 2026-06-17 | N/A | 5.4 MEDIUM |
| A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request. | |||||
| CVE-2025-56074 | 1 Phpgurukul | 1 Park Ticketing Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request. | |||||
| CVE-2025-52074 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-06-17 | N/A | 6.1 MEDIUM |
| PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart. | |||||
| CVE-2025-51672 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2026-06-17 | N/A | 8.0 HIGH |
| A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request. | |||||
| CVE-2025-51671 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2026-06-17 | N/A | 5.4 MEDIUM |
| A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file. | |||||
| CVE-2025-51045 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2026-06-17 | N/A | 6.5 MEDIUM |
| Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter. | |||||
| CVE-2025-51044 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter. | |||||
| CVE-2025-50699 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php. | |||||
| CVE-2025-50695 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. | |||||
| CVE-2025-50693 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php. | |||||
| CVE-2025-50494 | 1 Phpgurukul | 1 Car Washing Management System | 2026-06-17 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-50493 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2026-06-17 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-50492 | 1 Phpgurukul | 1 E-diary Management System | 2026-06-17 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack. | |||||