Filtered by vendor Phpgurukul
Subscriptions
Total
590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40477 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-03-31 | 9.8 Critical |
| A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. | ||||
| CVE-2025-25462 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 5.5 Medium |
| A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | ||||
| CVE-2025-28011 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | 6.1 Medium |
| A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. | ||||
| CVE-2025-28015 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-28 | 5.3 Medium |
| A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | ||||
| CVE-2024-57686 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 9.8 Critical |
| A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | ||||
| CVE-2024-57687 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 9.8 Critical |
| An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter. | ||||
| CVE-2025-25389 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 9.8 Critical |
| A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. | ||||
| CVE-2025-25388 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 9.8 Critical |
| A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter. | ||||
| CVE-2025-25387 | 1 Phpgurukul | 1 Land Record System | 2025-03-28 | 7.2 High |
| A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter. | ||||
| CVE-2022-46499 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | 8.8 High |
| Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_admin_view_single_patient.php. | ||||
| CVE-2022-46498 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | 2.7 Low |
| Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php. | ||||
| CVE-2022-46497 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | 8.1 High |
| Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the pat_number parameter at his_doc_view_single_patien.php. | ||||
| CVE-2024-57175 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-03-28 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. | ||||
| CVE-2024-12976 | 1 Phpgurukul | 1 Hospital Management System | 2025-03-28 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-55104 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | 7.2 High |
| Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters. | ||||
| CVE-2024-55103 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | 7.2 High |
| Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter. | ||||
| CVE-2024-55100 | 1 Phpgurukul | 1 Online Nurse Hiring System | 2025-03-28 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter. | ||||
| CVE-2024-55232 | 1 Phpgurukul | 1 Online Notes Sharing Management System | 2025-03-28 | 5.4 Medium |
| An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information. | ||||
| CVE-2024-28456 | 2 Campcodes, Phpgurukul | 2 Online Marriage Registration System, Online Marriage Registration System | 2025-03-27 | 9 Critical |
| Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. | ||||
| CVE-2025-2674 | 1 Phpgurukul | 1 Bank Locker Management System | 2025-03-27 | 7.3 High |
| A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||