Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6153 | 1 Phpgurukul | 1 Hostel Management System | 2025-06-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6154 | 1 Phpgurukul | 1 Hostel Management System | 2025-06-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6155 | 1 Phpgurukul | 1 Hostel Management System | 2025-06-24 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-45953 | 1 Phpgurukul | 1 Hostel Management System | 2025-04-30 | N/A | 9.1 CRITICAL |
| A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely | |||||
| CVE-2023-36939 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. | |||||
| CVE-2023-36376 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | N/A | 4.8 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. | |||||
| CVE-2023-36375 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page. | |||||