Filtered by vendor Phpgurukul
Subscriptions
Total
1040 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65379 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | 6.5 Medium |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | ||||
| CVE-2025-65380 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | 6.5 Medium |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | ||||
| CVE-2025-13577 | 1 Phpgurukul | 1 Hostel Management System | 2025-12-02 | 3.5 Low |
| A flaw has been found in PHPGurukul Hostel Management System 2.1. The impacted element is an unknown function of the file /register-complaint.php. Executing manipulation of the argument cdetails can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-01 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. | ||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2025-11-20 | 7.5 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | ||||
| CVE-2025-13247 | 1 Phpgurukul | 1 Tourism Management System | 2025-11-19 | 7.3 High |
| A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2024-44641 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php. | ||||
| CVE-2024-44644 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php. | ||||
| CVE-2024-44647 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.1 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. | ||||
| CVE-2024-44648 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php. | ||||
| CVE-2024-44657 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | 6.5 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. | ||||
| CVE-2024-46335 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | 4.6 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. | ||||
| CVE-2024-44654 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | 6.5 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php. | ||||
| CVE-2024-44655 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | 6.1 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php. | ||||
| CVE-2024-44658 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-18 | 6.5 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php. | ||||
| CVE-2024-44660 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | 6.5 Medium |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php. | ||||
| CVE-2024-44662 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | 6.5 Medium |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page. | ||||
| CVE-2024-44663 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | 6.5 Medium |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php. | ||||
| CVE-2024-44659 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | 9.8 Critical |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php. | ||||
| CVE-2024-44661 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-11-18 | 5.4 Medium |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php. | ||||