8 matches found
CVE-2024-30990
CVE-2024-30990 describes a SQL injection in the Invoices page of the phpgurukul Client Management System (PHP & MySQL, v1.1). The vulnerability allows an attacker to execute arbitrary SQL commands through the searchdata parameter. The Red Hat and CNNVD entries corroborate the same issue, with the...
CVE-2024-30985
CVE-2024-30985 affects phpgurukul Client Management System version 1.1. The vulnerability is a SQL Injection in the B/W Dates Reports page, exploitable via the todates/fromdate parameters, enabling arbitrary SQL execution. CVSS: 3.1, 9.8 base score (CRITICAL); impact on confidentiality, integrity...
CVE-2024-30986
CVE-2024-30986 affects the PHPGurukul Client Management System v1.1. A Cross Site Scripting vulnerability exists in /edit-services-details.php, exploitable via the price and sname parameters. The issue arises from insufficient input sanitization, enabling attackers to inject and execute arbitrary...
CVE-2024-30987
CVE-2024-30987 affects phpgurukul Client Management System version 1.1. The vulnerability is a cross-site scripting flaw in the /bwdates-reports-ds.php endpoint, exploitable via the fromdate and todate parameters, which can lead to arbitrary code execution and access to sensitive information. The...
CVE-2024-30989
CVE-2024-30989 affects the phpgurukul Client Management System (PHP & MySQL 1.1). A cross-site scripting vulnerability exists in /edit-client-details.php that allows attackers to execute arbitrary code through the cname, comname, state, and city parameters. The connected documents do not specify ...
CVE-2024-48570
CVE-2024-48570 affects Client Management System 1.0. A SQL injection vulnerability exists in the Between Dates Reports parameter of the /admin/bwdates-reports-ds.php endpoint. The CVSS 3.1 base score is 7.5 (High) with Confidentiality impact High; no integrity/availability impact described. Conne...
CVE-2024-51209
The CVE describes Cross-Site Scripting (XSS) in Anuj Kumar’s Client Management System Version 1.2. The vulnerability affects the search input fields on the admin search invoices page and the client search invoices page, allowing an attacker to inject arbitrary web script or HTML. Technical contex...
CVE-2024-30988
The CVE-2024-30988 entry describes a Cross Site Scripting (XSS) vulnerability in phpgurukul Client Management System v1.1, specifically in the /search-invoices.php endpoint. The root cause is an XSS flaw in the search bar that can allow an attacker to execute arbitrary code and access sensitive i...