Filtered by vendor Phpgurukul
Subscribe
Total
479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44966 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | |||||
| CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | |||||
| CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | |||||
| CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | |||||
| CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. | |||||
| CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
| CVE-2021-42223 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | |||||
| CVE-2021-39411 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | |||||
| CVE-2021-37808 | 1 Phpgurukul | 1 News Portal | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | |||||
| CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | |||||
| CVE-2021-37806 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | |||||
| CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | |||||
| CVE-2021-37782 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | |||||
| CVE-2021-37781 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | |||||
| CVE-2021-35388 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | |||||
| CVE-2021-35387 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | |||||
| CVE-2021-33470 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | |||||
| CVE-2021-33469 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. | |||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||