CVE-2024-44648

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...

CVE-2024-44648

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php...

CVE-2024-44647

PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting XSS via the aremark parameter in manage-tickets.php...

CVE-2024-3691

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVE-2023-50035

CVE-2023-50035 affects PHPGurukul Small CRM 3.0. The issue is a SQL Injection in the Users login panel caused by directly using the password parameter in SQL queries without sanitization, enabling payload execution. The CVSSv3.1 base score is 9.8 (CRITICAL). Some connected sources (PT Security) d...

Small CRM 3.0 - (description) Stored Cross-Site Scripting Vulnerability

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can inject javascript...

Small CRM 3.0 Cross Site Scripting

Exploit Title: Small CRM 3.0 - 'description' Stored Cross-Site Scripting XSS Date: 20/10/2021 Exploit Author: Ghuliev Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: Ubuntu When a user or admin creates a ticket, we can...

Simple CRM 3.0 - (email) SQL injection (Authentication Bypass) Vulnerability

Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version Description :...

Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)

Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Date: 22/06/2021 Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...

Simple CRM 3.0 - (name) Stored Cross site scripting Vulnerability

Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version Description : Simpl...

Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)

Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...

Simple CRM 3.0 Cross Site Request Forgery

Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...

Small CRM 3.0 - (Authentication Bypass) SQL Injection Vulnerability

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL Injection on it's adm...

Small CRM 3.0 - 'Authentication Bypass' SQL Injection

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Date: 12/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL...

Small CRM 3.0 SQL Injection

Exploit Title: Small CRM 3.0 - 'Authentication Bypass' SQL Injection Date: 12/06/2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Tested on: Server: XAMPP Description Small CRM 3.0 is vulnerable to SQL...