PT-2025-22817 · Unknown · Phpgurukul Student Management System

Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Student Management System using PHP and MySQL version 1 Description: The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/studentrecordms/login.php" API endpoint, specifically v...

CVE-2022-43104

Tenda AC23 V16.03.07.45cn was discovered to contain a stack overflow via the wpapskcrypto parameter in the fromSetWirelessRepeat function...

CVE-2022-32002

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/managecourt.php?id=...

CVE-2022-3067

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects'...

CVE-2022-30110

The file preview functionality in Jirafeau 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file...

CVE-2022-3026

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...

CVE-2022-28435

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php=displaygoal=1=1...

CVE-2022-28436

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php=display=Hide=...

CVE-2022-28229

The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions...

CVE-2022-27817

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

CVE-2022-24043

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...

CVE-2022-3988

A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbarsearch.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be...

CVE-2022-39279

discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe way, allowing staff members to cause an cross site scripting XSS attack by inserting unsafe HTML into them...

CVE-2022-30306

A stack-based buffer overflow vulnerability CWE-121 in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password...

CVE-2022-43665

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-24956

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote...

CVE-2022-40732

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...

CVE-2021-43319

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...