Filtered by vendor Phpgurukul
Subscriptions
Total
1073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67315 | 1 Phpgurukul | 1 Employee Leave Management System | 2026-01-30 | 5.4 Medium |
| Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component | ||||
| CVE-2025-70890 | 1 Phpgurukul | 2 Cyber Cafe Management System, Cybercafe Management System | 2026-01-22 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affected page is accessed. | ||||
| CVE-2025-70891 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persistently stored in the database. The malicious payload is triggered when a privileged user clicks the View button on the view-allusers.php page. | ||||
| CVE-2025-70892 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | 9.8 Critical |
| Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint. | ||||
| CVE-2025-70893 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2026-01-22 | 8.8 High |
| A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions. | ||||
| CVE-2025-69990 | 1 Phpgurukul | 2 News Portal, News Portal Project | 2026-01-16 | 9.1 Critical |
| phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. | ||||
| CVE-2025-69991 | 1 Phpgurukul | 2 News Portal, News Portal Project | 2026-01-16 | 9.8 Critical |
| phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. | ||||
| CVE-2025-69992 | 1 Phpgurukul | 2 News Portal, News Portal Project | 2026-01-16 | 9.8 Critical |
| phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | ||||
| CVE-2025-63611 | 1 Phpgurukul | 1 Hostel Management System | 2026-01-12 | 8.7 High |
| Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin's browser. | ||||
| CVE-2025-45805 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-12-16 | 7.6 High |
| In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment. | ||||
| CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-08 | 8.8 High |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | ||||
| CVE-2025-65379 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | 6.5 Medium |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | ||||
| CVE-2025-65380 | 1 Phpgurukul | 1 Billing System | 2025-12-04 | 6.5 Medium |
| PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query. | ||||
| CVE-2025-65647 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-12-01 | 4.3 Medium |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. | ||||
| CVE-2025-63955 | 1 Phpgurukul | 1 Student Record System | 2025-11-20 | 7.5 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS). | ||||
| CVE-2024-44641 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php. | ||||
| CVE-2024-44644 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php. | ||||
| CVE-2024-44647 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.1 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php. | ||||
| CVE-2024-44648 | 1 Phpgurukul | 1 Small Crm | 2025-11-19 | 6.5 Medium |
| PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php. | ||||
| CVE-2024-44657 | 1 Phpgurukul | 1 Complaint Management System | 2025-11-19 | 6.5 Medium |
| PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. | ||||