Vulnerabilities (CVE)

Filtered by vendor Phpgurukul Subscribe
Total 1062 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-55103 1 Phpgurukul 1 Online Nurse Hiring System 2026-06-17 N/A 7.2 HIGH
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
CVE-2024-55100 1 Phpgurukul 1 Online Nurse Hiring System 2026-06-17 N/A 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.
CVE-2024-55099 1 Phpgurukul 1 Online Nurse Hiring System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
CVE-2024-55059 1 Phpgurukul 1 Online Birth Certificate System 2026-06-17 N/A 6.1 MEDIUM
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.
CVE-2024-55058 1 Phpgurukul 1 Online Birth Certificate System 2026-06-17 N/A 4.3 MEDIUM
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.
CVE-2024-55057 1 Phpgurukul 1 Online Birth Certificate System 2026-06-17 N/A 5.4 MEDIUM
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts.
CVE-2024-55056 1 Phpgurukul 1 Online Birth Certificate System 2026-06-17 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.
CVE-2024-55016 1 Phpgurukul 1 Student Record System 2026-06-17 N/A 6.5 MEDIUM
PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.
CVE-2024-54842 1 Phpgurukul 1 Online Nurse Hiring System 2026-06-17 N/A 9.8 CRITICAL
A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.
CVE-2024-54811 1 Phpgurukul 1 Park Ticketing Management System 2026-06-17 N/A 9.8 CRITICAL
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
CVE-2024-54810 1 Phpgurukul 1 Pre-school Enrollment System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
CVE-2024-54790 1 Phpgurukul 1 Pre-school Enrollment System 2026-06-17 N/A 7.5 HIGH
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.
CVE-2024-53635 1 Phpgurukul 1 Covid19 Testing Management System 2026-06-17 N/A 4.8 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVE-2024-53604 1 Phpgurukul 1 Covid19 Testing Management System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
CVE-2024-53603 1 Phpgurukul 1 Covid19 Testing Management System 2026-06-17 N/A 7.3 HIGH
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVE-2024-53481 1 Phpgurukul 1 Beauty Parlour Management System 2026-06-17 N/A 6.1 MEDIUM
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
CVE-2024-53480 1 Phpgurukul 1 Beauty Parlour Management System 2026-06-17 N/A 9.8 CRITICAL
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
CVE-2024-53365 1 Phpgurukul 1 Vehicle Parking Management System 2026-06-17 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field.
CVE-2024-53364 1 Phpgurukul 1 Vehicle Parking Management System 2026-06-17 N/A 5.4 MEDIUM
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.
CVE-2024-51360 1 Phpgurukul 1 Hospital Management System 2026-06-17 N/A 9.8 CRITICAL
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file