28 matches found
CVE-2025-5368
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated...
CVE-2021-26304
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter...
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-30999)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. The Daily Expense Tracker System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the fromdate/todate parameter of file...
PHPGurukul Daily Expense Tracker System Injection Vulnerability
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability, which originates from the lack of validation of the fromdate/todate parameter in the file /expense-monthwise-reports-detailed.php with...
PT-2025-21877 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: A critical vulnerability has been found in PHPGurukul Daily Expense Tracker System. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The...
CVE-2025-25349
PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter...
PT-2025-7080 · Unknown · Phpgurukul Daily Expense Tracker System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Daily Expense Tracker System version 1.1 Description: The issue concerns a SQL Injection vulnerability in the /dets/add-expense.php endpoint via the costitem parameter. This allows for potential exploitation of the system. No...
CVE-2025-25351
CVE-2025-25351 affects PHPGurukul Daily Expense Tracker System v1.1, where the /dets/add-expense.php endpoint is vulnerable to SQL Injection through the dateexpense parameter. The vulnerability is caused by insufficient input validation/escaping, enabling an attacker to inject SQL statements. Doc...
CVE-2025-25349
The CVE concerns PHPGurukul Daily Expense Tracker System v1.1. The vulnerability is a SQL Injection in the /dets/add-expense.php endpoint due to the costitem parameter. Affects PHP-MySQL stack as described; impact is rated HIGH for confidentiality, integrity, and availability (CVSS 3.1: 9.8). The...
CVE-2024-22628
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=...
CVE-2024-22628
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection through the admin reports endpoint: /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=. The vulnerability affects the endpoint handling date_start/date_end parameters without proper validation, enabling ...
Sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It i...
CVE-2023-2772 SourceCodester Budget and Expense Tracker System GET Parameter manage_budget.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It i...
CVE-2023-2772
CVE-2023-2772 concerns SourceCodester Budget and Expense Tracker System 1.0. The vulnerability is an SQL injection in the GET parameter handler, specifically an unknown function of /admin/budget/manage_budget.php where the id argument is manipulated to inject SQL. This vulnerability can be exploi...
CVE-2021-40247
SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field...
CVE-2021-40247
CVE-2021-40247 affects Sourcecodester Budget and Expense Tracker System v1.0. The vulnerability is an SQL injection via the username field caused by inadequate SQL data escaping/filtering. Exploitation in the wild is not described in the provided documents, but CVSS data indicates a high/critical...
CVE-2021-41645
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field...