Filtered by vendor Phpgurukul
Subscribe
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28129 | 1 Phpgurukul | 1 Hostel Management System | 2026-06-17 | N/A | 5.4 MEDIUM |
| Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | |||||
| CVE-2025-28072 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2026-06-17 | N/A | 7.5 HIGH |
| PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php. | |||||
| CVE-2025-28016 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2026-06-17 | N/A | 4.8 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters. | |||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | |||||
| CVE-2025-28011 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. | |||||
| CVE-2025-26156 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-06-17 | N/A | 8.8 HIGH |
| A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter. | |||||
| CVE-2025-25462 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 5.5 MEDIUM |
| A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | |||||
| CVE-2025-25389 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. | |||||
| CVE-2025-25388 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter. | |||||
| CVE-2025-25387 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | |||||
| CVE-2025-25357 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | |||||
| CVE-2025-25356 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | |||||
| CVE-2025-25355 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | |||||
| CVE-2025-25354 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | |||||
| CVE-2025-25352 | 1 Phpgurukul | 1 Land Record System | 2026-06-17 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | |||||
| CVE-2025-25351 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | |||||
| CVE-2025-25349 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2026-06-17 | N/A | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. | |||||
| CVE-2025-1966 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1954 | 1 Phpgurukul | 1 Human Metapneumovirus Testing Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1952 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
