8 matches found
CVE-2023-1909
The CVE-2023-1909 entry concerns PHPGurukul BP Monitoring Management System 1.0. The User Profile Update Handler’s profile.php is affected; the issue arises from manipulating the name and mobno arguments, enabling a SQL injection. The vulnerability is exploitable remotely and has been disclosed p...
CVE-2025-5856
CVE-2025-5856 affects PHPGurukul BP Monitoring Management System v1.0 and specifically the /registration.php file. The root cause is improper filtering of the emailid parameter, enabling SQL injection. Exploitation can be performed remotely, and multiple sources describe exploitation of this vuln...
CVE-2025-5761
CVE-2025-5761 affects PHPGurukul BP Monitoring Management System 1.0. The vulnerability is a SQL injection in the /edit-family-member.php file caused by unsafely handling the memberage parameter, allowing remote exploitation. Several connected sources (NVD/Red Hat, CNVD/CNNVD, CVE lists, vuln enr...
CVE-2023-1948
CVE-2023-1948 affects PHPGurukul BP Monitoring Management System 1.0, specifically the Add New Family Member Handler’s file add-family-member.php. The vulnerability is a cross-site scripting flaw triggered by manipulating the parameter intended for the Member Name, enabling remote exploitation. P...
CVE-2023-1950
CVE-2023-1950 concerns a SQL injection in the Password Recovery component of PHPGurukul BP Monitoring Management System 1.0, specifically via the file password-recovery.php where manipulating the parameters emailid or contactno enables remote exploitation. Multiple connected sources corroborate t...
CVE-2023-1949
The CVE-2023-1949 entry concerns PHPGurukul BP Monitoring Management System 1.0. Affected is the Change Password Handler’s change-password.php; manipulating the password parameter enables SQL injection. Exploitation can be conducted remotely, and multiple sources (Red Hat, NVD, CVE lists, PT Secu...
CVE-2023-27074
BP Monitoring Management System v1.0 contains a SQL injection vulnerability in the login page, exploitable via the emailid parameter. The issue, as described across the CVE records, is caused by unparameterized SQL in the authentication flow, leading to potential disclosure, modification, or dest...
CVE-2025-8134
Vulnerability summary (CVE-2025-8134): PHPGurukul BP Monitoring Management System 1.0 contains a SQL injection in /bwdates-report-result.php caused by manipulating the fromdate/todate parameters. The attack is remote and the exploit has been publicly disclosed. No remediation details are provided...