Vulnerabilities (CVE)

Filtered by vendor Phpgurukul Subscribe
Total 1062 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-28129 1 Phpgurukul 1 Hostel Management System 2026-06-17 N/A 5.4 MEDIUM
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
CVE-2025-28072 1 Phpgurukul 1 Pre-school Enrollment System 2026-06-17 N/A 7.5 HIGH
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
CVE-2025-28016 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 4.8 MEDIUM
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVE-2025-28015 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 5.3 MEDIUM
A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
CVE-2025-28011 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 6.1 MEDIUM
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
CVE-2025-26156 1 Phpgurukul 1 Online Shopping Portal Project 2026-06-17 N/A 8.8 HIGH
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.
CVE-2025-25462 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 5.5 MEDIUM
A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVE-2025-25389 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVE-2025-25388 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
CVE-2025-25387 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVE-2025-25357 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter.
CVE-2025-25356 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter.
CVE-2025-25355 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.
CVE-2025-25354 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
CVE-2025-25352 1 Phpgurukul 1 Land Record System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
CVE-2025-25351 1 Phpgurukul 1 Daily Expense Tracker System 2026-06-17 N/A 9.8 CRITICAL
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.
CVE-2025-25349 1 Phpgurukul 1 Daily Expense Tracker System 2026-06-17 N/A 9.8 CRITICAL
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.
CVE-2025-1966 1 Phpgurukul 1 Pre-school Enrollment System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1954 1 Phpgurukul 1 Human Metapneumovirus Testing Management System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1952 1 Phpgurukul 1 Restaurant Table Booking System 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.