Filtered by vendor Phpgurukul
Subscribe
Total
1063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35155 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-11-12 | N/A | 6.1 MEDIUM |
| Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | |||||
| CVE-2025-3146 | 1 Phpgurukul | 1 Bus Pass Management System | 2025-11-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-5510 | 1 Phpgurukul | 1 Hostel Management System | 2025-11-11 | 10.0 HIGH | 9.8 CRITICAL |
| PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | |||||
| CVE-2023-36375 | 1 Phpgurukul | 1 Hostel Management System | 2025-11-11 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page. | |||||
| CVE-2025-12615 | 1 Phpgurukul | 1 News Portal | 2025-11-10 | 5.1 MEDIUM | 5.0 MEDIUM |
| A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-50363 | 1 Phpgurukul | 1 Maid Hiring Management System | 2025-11-05 | N/A | 5.4 MEDIUM |
| Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field. | |||||
| CVE-2025-12311 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-10-30 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12312 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-10-30 | 3.3 LOW | 2.4 LOW |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-61255 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-10-23 | N/A | 6.1 MEDIUM |
| Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection. | |||||
| CVE-2025-28129 | 1 Phpgurukul | 1 Hostel Management System | 2025-10-21 | N/A | 5.4 MEDIUM |
| Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | |||||
| CVE-2025-11505 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-11415 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-57145 | 1 Phpgurukul | 1 Auto Taxi Stand Management System | 2025-10-08 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser. | |||||
| CVE-2025-61096 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-10-07 | N/A | 6.5 MEDIUM |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. | |||||
| CVE-2025-11330 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-28016 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-10-07 | N/A | 4.8 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters. | |||||
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11112 | 1 Phpgurukul | 1 Employee Record Management System | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10459 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-10-02 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2023-6648 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-10-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||