23 matches found
EUVD-2020-23069
Malware in sbrugna...
CVE-2024-29390
Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-31004)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the dateexpense parameter in /dets/add-expense.php. No details ...
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-31003)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the costitem parameter in /dets/add-expense.php. No details ...
CVE-2025-25349
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter...
CVE-2025-25351
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter...
PHPGurukul Daily Expense Tracker System 安全漏洞
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the costitem parameter in /dets/add-expense.php. No details ...
PHPGurukul Daily Expense Tracker System 安全漏洞
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the dateexpense parameter in /dets/add-expense.php. No details ...
PT-2025-7080 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: The issue concerns a SQL Injection vulnerability in the /dets/add-expense.php endpoint via the costitem parameter. This allows for potential exploitation of the system. No...
The vulnerability of the add-expense.php script of the Daily Expenses Management System allows a perpetrator to execute arbitrary SQL commands.
The vulnerability of the add-expense.php file in the Daily Expenses Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary SQL commands using specially created POST...
CVE-2024-29390
Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...
PHPGurukul Daily Expenses Management System Security Vulnerability
PHPGurukul Daily Expenses Management System is a daily expenses management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Daily Expenses Management System version 1.0, which is caused by a time-based SQL injection vulnerability in the add-expense.php page, which can be...
CVE-2023-39707
A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
CVE-2023-39707
A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
CVE-2023-39707
A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
CVE-2023-39707
A stored cross-site scripting XSS vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
HTML Injection in add expense via transaction tab
Steps to reproduce After login into demo account, Go to the transaction page and there your can add or create an expense If your on the write path, while creating or adding an expense there will be description field In the Description field, enter the following payload Y00 and click save Now, you...
Daily Expense Tracker System Cross-Site Scripting Vulnerability (CNVD-2025-31005)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a cross-site scripting vulnerability that originates from the add-expense.php Item parameter. No details of the vulnerability are available at this time...
PHPGurukul Daily Expense Tracker System 跨站脚本漏洞
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a cross-site scripting vulnerability that originates from the add-expense.php Item parameter. No details of the vulnerability are available at this time...