28 matches found
CVE-2025-5368
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to SQL injection. The attack may be initiated...
CVE-2021-26304
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter...
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-30999)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. The Daily Expense Tracker System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the fromdate/todate parameter of file...
PHPGurukul Daily Expense Tracker System Injection Vulnerability
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability, which originates from the lack of validation of the fromdate/todate parameter in the file /expense-monthwise-reports-detailed.php with...
PT-2025-21877 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: A critical vulnerability has been found in PHPGurukul Daily Expense Tracker System. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The...
CVE-2025-25349
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter...
CVE-2025-25349
The CVE concerns PHPGurukul Daily Expense Tracker System v1.1. The vulnerability is a SQL Injection in the /dets/add-expense.php endpoint due to the costitem parameter. Affects PHP-MySQL stack as described; impact is rated HIGH for confidentiality, integrity, and availability (CVSS 3.1: 9.8). The...
CVE-2025-25351
CVE-2025-25351 affects PHPGurukul Daily Expense Tracker System v1.1, where the /dets/add-expense.php endpoint is vulnerable to SQL Injection through the dateexpense parameter. The vulnerability is caused by insufficient input validation/escaping, enabling an attacker to inject SQL statements. Doc...
PT-2025-7080 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: The issue concerns a SQL Injection vulnerability in the /dets/add-expense.php endpoint via the costitem parameter. This allows for potential exploitation of the system. No...
CVE-2024-22628
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection through the admin reports endpoint: /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=. The vulnerability affects the endpoint handling date_start/date_end parameters without proper validation, enabling ...
CVE-2024-22628
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=...
SQL injection
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It i...
CVE-2023-2772
CVE-2023-2772 concerns SourceCodester Budget and Expense Tracker System 1.0. The vulnerability is an SQL injection in the GET parameter handler, specifically an unknown function of /admin/budget/manage_budget.php where the id argument is manipulated to inject SQL. This vulnerability can be exploi...
CVE-2023-2772 SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. It i...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
CVE-2021-40247
CVE-2021-40247 affects Sourcecodester Budget and Expense Tracker System v1.0. The vulnerability is an SQL injection via the username field caused by inadequate SQL data escaping/filtering. Exploitation in the wild is not described in the provided documents, but CVSS data indicates a high/critical...
CVE-2021-41645
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...
CVE-2021-41645
CVE-2021-41645 affects Sourcecodester Budget and Expense Tracker System 1.0. A remote attacker can exploit the image upload field to achieve remote code execution (RCE). Descriptions across Red Hat, CNVD, CVE entries consistently state RCE via image upload, with varying severity reporting (NVD CV...