Filtered by vendor Phpgurukul
Total: 1062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6126 | 1 Phpgurukul | 1 Rail Pass Management System | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-6125 | 1 Phpgurukul | 1 Rail Pass Management System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-69992 | 1 Phpgurukul | 1 News Portal | 2026-06-17 | N/A | 9.8 CRITICAL |
| phpgurukul News Portal Project V4.1 has a File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | |||||
| CVE-2025-69991 | 1 Phpgurukul | 1 News Portal | 2026-06-17 | N/A | 9.8 CRITICAL |
| phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. | |||||
| CVE-2025-69990 | 1 Phpgurukul | 1 News Portal | 2026-06-17 | N/A | 9.1 CRITICAL |
| phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. | |||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. | |||||
| CVE-2025-65380 | 1 Phpgurukul | 1 Billing System | 2026-06-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | |||||
| CVE-2025-65379 | 1 Phpgurukul | 1 Billing System | 2026-06-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accept unvalidated user input, which is then concatenated directly into a backend SQL query. | |||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2026-06-17 | N/A | 7.5 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | |||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-06-17 | N/A | 8.7 HIGH |
| Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | |||||
| CVE-2025-61255 | 1 Phpgurukul | 1 Bank Locker Management System | 2026-06-17 | N/A | 6.1 MEDIUM |
| Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection. | |||||
| CVE-2025-61096 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-06-17 | N/A | 6.5 MEDIUM |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. | |||||
| CVE-2025-5976 | 1 Phpgurukul | 1 Rail Pass Management System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5975 | 1 Phpgurukul | 1 Rail Pass Management System | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /rpms/download-pass.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5974 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5973 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The manipulation of the argument tableno leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5972 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5970 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2026-06-17 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5860 | 1 Phpgurukul | 1 Maid Hiring Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5859 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument assignto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
