Vulnerabilities (CVE)

Filtered by vendor Phpgurukul Subscribe
Total 1062 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-50991 1 Phpgurukul 1 User Management System 2026-06-17 N/A 4.8 MEDIUM
A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter
CVE-2024-50990 1 Phpgurukul 1 Online Marriage Registration System 2026-06-17 N/A 6.1 MEDIUM
A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.
CVE-2024-50989 1 Phpgurukul 1 Online Marriage Registration System 2026-06-17 N/A 9.8 CRITICAL
A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.
CVE-2024-50843 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 5.3 MEDIUM
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
CVE-2024-4294 1 Phpgurukul 1 Doctor Appointment Management System 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability.
CVE-2024-4293 1 Phpgurukul 1 Doctor Appointment Management System 2026-06-17 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability.
CVE-2024-48807 1 Phpgurukul 1 Doctor Appointment Management System 2026-06-17 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.
CVE-2024-48744 1 Phpgurukul 1 Teachers Record Management System 2026-06-17 N/A 6.1 MEDIUM
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.
CVE-2024-48704 1 Phpgurukul 1 Medical Card Generation System 2026-06-17 N/A 6.1 MEDIUM
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
CVE-2024-48702 1 Phpgurukul 1 Old Age Home Management System 2026-06-17 N/A 5.4 MEDIUM
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.
CVE-2024-48570 1 Phpgurukul 1 Client Management System 2026-06-17 N/A 7.5 HIGH
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
CVE-2024-48284 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 4.8 MEDIUM
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.
CVE-2024-48283 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 9.8 CRITICAL
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter.
CVE-2024-48282 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 7.6 HIGH
A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request.
CVE-2024-48280 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 7.6 HIGH
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.
CVE-2024-48279 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 7.6 HIGH
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.
CVE-2024-48278 1 Phpgurukul 1 User Registration \& Login And User Management System 2026-06-17 N/A 5.5 MEDIUM
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.
CVE-2024-48170 1 Phpgurukul 1 Small Crm 2026-06-17 N/A 5.4 MEDIUM
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.
CVE-2024-46531 1 Phpgurukul 1 Vehicle Record System 2026-06-17 N/A 6.3 MEDIUM
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php.
CVE-2024-46335 1 Phpgurukul 1 Complaint Management System 2026-06-17 N/A 4.6 MEDIUM
PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.