Filtered by vendor Phpgurukul
Subscribe
Total
473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46128 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-04-01 | N/A | 6.1 MEDIUM |
| phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=. | |||||
| CVE-2024-51209 | 1 Phpgurukul | 1 Client Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page. | |||||
| CVE-2024-51065 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-03-31 | N/A | 9.8 CRITICAL |
| Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter. | |||||
| CVE-2024-51064 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 9.8 CRITICAL |
| Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php. | |||||
| CVE-2024-51063 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 9.1 CRITICAL |
| Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter. | |||||
| CVE-2024-48807 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-03-31 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter. | |||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | |||||
| CVE-2024-46239 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
| Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in /admin/query-details.php. | |||||
| CVE-2024-46238 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-31 | N/A | 5.9 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php | |||||
| CVE-2024-48744 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. | |||||
| CVE-2024-48278 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 5.5 MEDIUM |
| Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. | |||||
| CVE-2024-48279 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
| A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. | |||||
| CVE-2024-48280 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
| A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request. | |||||
| CVE-2024-48282 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
| A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. | |||||
| CVE-2024-40477 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-03-31 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. | |||||
| CVE-2025-25462 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 5.5 MEDIUM |
| A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | |||||
| CVE-2025-28011 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | N/A | 6.1 MEDIUM |
| A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. | |||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | N/A | 5.3 MEDIUM |
| A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | |||||
| CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
| A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | |||||
| CVE-2024-57687 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | N/A | 9.8 CRITICAL |
| An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter. | |||||