Filtered by vendor Phpgurukul
Total: 1063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-70893 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | N/A | 8.8 HIGH |
| A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions. | |||||
| CVE-2026-0803 | 1 Phpgurukul | 1 Online Course Registration System | 2026-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-69990 | 1 Phpgurukul | 1 News Portal | 2026-01-16 | N/A | 9.1 CRITICAL |
| phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. | |||||
| CVE-2025-69991 | 1 Phpgurukul | 1 News Portal | 2026-01-16 | N/A | 9.8 CRITICAL |
| phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. | |||||
| CVE-2025-69992 | 1 Phpgurukul | 1 News Portal | 2026-01-16 | N/A | 9.8 CRITICAL |
| phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | |||||
| CVE-2026-0547 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-01-12 | N/A | 8.7 HIGH |
| Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | |||||
| CVE-2025-15406 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2025-45805 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-12-16 | N/A | 7.6 HIGH |
| In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization when a user visits the website and selects the doctor to book an appointment. | |||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-08 | N/A | 8.8 HIGH |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | |||||
| CVE-2025-65379 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | N/A | 6.5 MEDIUM |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accept unvalidated user input, which is then concatenated directly into a backend SQL query. | |||||
| CVE-2025-65380 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | N/A | 6.5 MEDIUM |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | |||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-01 | N/A | 4.3 MEDIUM |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. | |||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2025-11-20 | N/A | 7.5 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | |||||
| CVE-2024-44641 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php. | |||||
| CVE-2024-44644 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php. | |||||
| CVE-2024-44647 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.1 MEDIUM |
| PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. | |||||
| CVE-2024-44648 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | N/A | 6.5 MEDIUM |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php. | |||||
| CVE-2024-44657 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | N/A | 6.5 MEDIUM |
| PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. | |||||
| CVE-2024-46335 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | N/A | 4.6 MEDIUM |
| PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. | |||||
