PHPGurukul Security Vulnerabilities

CVE-2021-28423

Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.

CVSS: 8.8 | AI Score: 9 | EPSS: 0.018

2021-07-01 03:15 PM

CVE-2021-28424

A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

CVSS: 5.4 | AI Score: 4.9 | EPSS: 0.003

2021-07-01 03:15 PM

CVE-2021-33469

COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001

2021-05-26 05:15 PM

CVE-2021-33470

COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.019

2021-05-26 05:15 PM

CVE-2021-35387

Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

CVSS: 8.8 | AI Score: 9 | EPSS: 0.001

2022-10-28 03:15 PM

CVE-2021-35388

Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2022-10-28 03:15 PM

CVE-2021-37781

Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2022-10-28 03:15 PM

CVE-2021-37782

Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002

2022-10-28 03:15 PM

CVE-2021-37805

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Parking Management System 1.0 via the add-vehicle.php endpoint.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0005

2021-10-27 05:15 PM

CVE-2021-37806

An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid ,...

CVSS: 5.9 | AI Score: 6.2 | EPSS: 0.009

2021-10-27 05:15 PM

CVE-2021-37807

An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists in the database.

CVSS: 7.5 | AI Score: 7.9 | EPSS: 0.002

2021-10-27 05:15 PM

CVE-2021-37808

SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters; the server response is delayed by about (N) seconds respectively, which means it is vulnerable to MySQL Blind (Time Based). An att...

CVSS: 5.9 | AI Score: 6.2 | EPSS: 0.01

2021-10-27 05:15 PM

CVE-2021-39411

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.

CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001

2021-11-05 03:15 PM

CVE-2021-42223

A Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.

CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001

2021-10-13 06:15 PM

CVE-2021-42224

SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.02

2021-10-13 06:15 PM

CVE-2021-4232

A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remote...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2022-05-26 05:15 PM

CVE-2021-43137

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in Hostel Management System 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover.

CVSS: 8.8 | AI Score: 8.2 | EPSS: 0.001

2021-12-01 08:15 PM

CVE-2021-43451

SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.017

2021-12-01 07:15 PM

CVE-2021-44315

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.

CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.002

2021-12-16 07:15 PM

CVE-2021-44317

In Bus Pass Management System v1.0, the parameters 'pagedes' and About Us are affected by a stored cross-site scripting vulnerability.

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001

2021-12-16 07:15 PM

CVE-2021-44965

Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server.

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.005

2021-12-13 03:15 PM

CVE-2021-44966

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2021-12-13 03:15 PM

CVE-2021-46110

Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.002

2022-02-18 09:15 PM

CVE-2022-1816

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> le...

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2022-05-23 12:16 PM

CVE-2022-24226

Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.

CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.002

2022-02-15 04:15 PM

CVE-2022-24263

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.119

2022-01-31 10:15 PM

CVE-2022-24646

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.

CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.002

2022-02-10 11:15 PM

CVE-2022-27351

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.067

2022-04-08 09:15 AM

CVE-2022-27992

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.

CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.002

2022-04-08 09:15 AM

CVE-2022-2803

A vulnerability was found in SourceCodester Zoo Management System and classified as critical. This issue affects some unknown processing of the file /pages/animals.php. The manipulation of the argument class_id leads to sql injection. The attack may be initiated remotely. The exploit has been discl...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.005

2022-08-12 08:15 PM

CVE-2022-2804

A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The expl...

CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.008

2022-08-12 08:15 PM

CVE-2022-28992

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.

CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.001

2022-05-20 01:15 PM

CVE-2022-29004

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

CVSS: 6.1 | AI Score: 6 | EPSS: 0.003

2022-05-23 04:16 PM

CVE-2022-29005

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

CVSS: 6.1 | AI Score: 6 | EPSS: 0.002

2022-05-23 04:16 PM

CVE-2022-29006

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.

CVSS: 9.8 | AI Score: 10 | EPSS: 0.134

2022-05-11 02:15 PM

CVE-2022-29007

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.

CVSS: 9.8 | AI Score: 10 | EPSS: 0.134

2022-05-11 02:15 PM

CVE-2022-29008

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.004

2022-05-11 02:15 PM

CVE-2022-29009

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.

CVSS: 9.8 | AI Score: 10 | EPSS: 0.134

2022-05-11 02:15 PM

CVE-2022-30930

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).

CVSS: 4.3 | AI Score: 4.7 | EPSS: 0.001

2022-06-14 05:15 PM

CVE-2022-31382

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2022-06-16 05:15 PM

CVE-2022-31383

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2022-06-16 05:15 PM

CVE-2022-31384

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002

2022-06-16 05:15 PM

CVE-2022-31897

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001

2022-06-29 01:15 AM

CVE-2022-31914

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2022-06-16 04:15 PM

CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2022-07-05 06:15 PM

CVE-2022-35155

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2022-09-30 07:15 PM

CVE-2022-35156

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.004

2022-09-30 07:15 PM

CVE-2022-36198

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.002

2022-08-22 01:15 AM

CVE-2022-40470

Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.

CVSS: 4.8 | AI Score: 5 | EPSS: 0.001

2022-11-21 04:15 PM

CVE-2022-40924

Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.

CVSS: 7.2 | AI Score: 7 | EPSS: 0.001

2022-09-26 01:15 PM

Total number of security vulnerabilities: 259