Filtered by vendor Phpgurukul
Subscribe
Total
899 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57148 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-09-04 | N/A | 9.1 CRITICAL |
| phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. | |||||
| CVE-2025-56254 | 1 Phpgurukul | 1 Employee Leave Management System | 2025-09-04 | N/A | 4.3 MEDIUM |
| PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users. | |||||
| CVE-2025-9814 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-09-03 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 6.5 MEDIUM |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | |||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 8.5 HIGH |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | |||||
| CVE-2025-9302 | 1 Phpgurukul | 1 User Management System | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-9307 | 1 Phpgurukul | 1 Online Course Registration | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9017 | 1 Phpgurukul | 1 Zoo Management System | 2025-08-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9024 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9011 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9012 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9013 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8951 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-08-14 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-51045 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-08-07 | N/A | 6.5 MEDIUM |
| Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user input for the username parameter. | |||||
| CVE-2025-51044 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-08-07 | N/A | 6.5 MEDIUM |
| phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter. | |||||
| CVE-2025-50484 | 1 Phpgurukul | 1 Small Crm | 2025-08-07 | N/A | 7.1 HIGH |
| Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-8431 | 1 Phpgurukul | 1 Boat Booking System | 2025-08-05 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8179 | 1 Phpgurukul | 1 Local Services Search Engine Management System | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||