Filtered by vendor Phpgurukul
Subscribe
Total
320 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10158 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10159 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 7.5 HIGH | 7.2 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to be affected. But it must be assumed that other parameters are affected as well. | |||||
| CVE-2024-10160 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Boat Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php of the component BW Dates Report Page. The manipulation of the argument fdate/tdate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fdate" to be affected. But it must be assumed "tdate" is affected as well. | |||||
| CVE-2024-10191 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-22 | 4.0 MEDIUM | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10162 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to be affected. But it must be assumed that other parameters are affected as well. | |||||
| CVE-2024-10161 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9326 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | N/A | 8.8 HIGH |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | |||||
| CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | |||||
| CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | |||||
| CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | |||||
| CVE-2024-8470 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8469 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8468 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8467 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | |||||
| CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | N/A | 7.5 HIGH |
| SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | |||||
| CVE-2024-40484 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. | |||||
| CVE-2024-40481 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. | |||||