Filtered by vendor Phpgurukul
Subscribe
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3087 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680. | |||||
| CVE-2024-3086 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679. | |||||
| CVE-2024-3085 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-3084 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability. | |||||
| CVE-2024-39090 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-06-17 | N/A | 6.1 MEDIUM |
| The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. | |||||
| CVE-2024-37798 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2026-06-17 | N/A | 5.9 MEDIUM |
| Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field. | |||||
| CVE-2024-35511 | 1 Phpgurukul | 1 Men Salon Management System | 2026-06-17 | N/A | 4.7 MEDIUM |
| phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. | |||||
| CVE-2024-34987 | 1 Phpgurukul | 1 Online Fire Reporting System | 2026-06-17 | N/A | 9.1 CRITICAL |
| A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process. | |||||
| CVE-2024-32256 | 1 Phpgurukul | 1 Tourism Management System | 2026-06-17 | N/A | 8.1 HIGH |
| Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | |||||
| CVE-2024-32254 | 1 Phpgurukul | 1 Tourism Management System | 2026-06-17 | N/A | 8.8 HIGH |
| Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. | |||||
| CVE-2024-30998 | 1 Phpgurukul | 1 Men Salon Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the index.php component. | |||||
| CVE-2024-30990 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. | |||||
| CVE-2024-30989 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter. | |||||
| CVE-2024-30988 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 6.8 MEDIUM |
| Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar. | |||||
| CVE-2024-30987 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 6.8 MEDIUM |
| Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters. | |||||
| CVE-2024-30986 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter. | |||||
| CVE-2024-30985 | 1 Phpgurukul | 1 Client Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters. | |||||
| CVE-2024-30983 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-06-17 | N/A | 7.3 HIGH |
| SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file. | |||||
| CVE-2024-30982 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. | |||||
| CVE-2024-30981 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL. | |||||
