17 matches found
CVE-2022-29006
Summary (CVE-2022-29006) : Directory Management System 1.0 contains multiple SQL injection vulnerabilities in the Admin panel via the username and password parameters, enabling an attacker to bypass authentication. The Nuclei template and related entries describe exploitation that could lead to s...
CVE-2024-5135
The CVE-2024-5135 entry concerns PHPGurukul Directory Management System v1.0, where a SQL injection is possible in /admin/index.php via the username parameter. The vulnerability can be triggered remotely and an exploit has been publicly disclosed. Public documents corroborate this as a directory ...
CVE-2022-31382
Directory Management System v1.0 contains a SQL injection vulnerability in the search-dirctory.php component, exploitable via the searchdata parameter. This is the root cause described across multiple sources (CVE-2022-31382). Impact details are limited to the SQLi risk; CVSS scores in the cited ...
CVE-2022-31384
CVE-2022-31384 affects Directory Management System v1.0, with a SQL injection vulnerability in add-directory.php exploitable via the fullname parameter due to insufficient input validation. Affected component is the add-directory.php endpoint; the issue enables arbitrary SQL execution and potenti...
CVE-2024-5136
CVE-2024-5136 affects PHPGurukul Directory Management System 1.0. The vulnerability is in an unknown function within /admin/search-directory.php, enabling cross-site scripting. Impact is limited to a client-side compromise via XSS; exploitation can be remote and a public exploit exists. Multiple ...
CVE-2022-31383
Directory Management System v1.0 is affected by a SQL injection vulnerability triggered via the editid parameter in view-directory.php. The issue is consistently described across multiple sources as an SQL injection originating from the editid input, enabling arbitrary SQL execution. The CVE-2022...
CVE-2025-45021
Affected software: PHPGurukul Directory Management System v2.0 (admin/edit-directory.php). Vulnerability: SQL Injection via the POST parameter “email,” enabling arbitrary SQL execution. Root cause / vector: Improper handling of the email parameter in admin/edit-directory.php (SQLi). Impact (as st...
CVE-2024-5137
CVE-2024-5137 affects PHPGurukul Directory Management System 1.0. The issue is in the /admin/admin-profile.php file of the Searchbar component, where input manipulation leads to cross-site scripting. The vulnerability can be exploited remotely, and the exploit has been disclosed publicly (VDB-265...
CVE-2025-4862
The CVE-2025-4862 entry concerns PHPGurukul Directory Management System 2.0. Affected is unknown functionality in /searchdata.php where manipulating the searchdata argument triggers cross-site scripting. Root cause cited across sources is inadequate filtering/escaping of user-supplied data in par...
CVE-2025-4697
CVE-2025-4697 affects PHPGurukul Directory Management System 2.0. The vulnerability is in the file /admin/edit-directory.php where the argument editid is unsafely used, enabling SQL injection. This could allow an attacker to remotely exploit and potentially exfiltrate data or alter the database, ...
CVE-2025-4698
The CVE-2025-4698 entry concerns PHPGurukul Directory Management System 2.0. A SQL injection vulnerability exists in the /admin/forget-password.php file, exploitable by manipulating the email parameter. This vulnerability is remote-exploitable and is described across multiple sources as critical/...
CVE-2025-6330
The CVE-2025-6330 entry concerns PHPGurukul Directory Management System 1.0 with a SQL injection in /searchdata.php via the searchdata parameter. Connected documents confirm remote exploitation and public disclosure, caused by lack of input validation in an unknown function of that file. Impact i...
CVE-2025-6331
CVE-2025-6331 affects PHPGurukul Directory Management System v1.0. The vulnerability is an SQL injection in the /admin/search-directory.php endpoint, caused by unsafely handling the searchdata parameter. The issue can be exploited remotely and the exploit has been publicly disclosed, potentially ...
CVE-2025-6333
PHPGurukul Directory Management System 2.0 contains a SQL injection in /admin/admin-profile.php via the adminname parameter. Exploitation is remote; multiple sources describe the issue as critical with potential to access or corrupt data. Connected documents consistently identify the vulnerabilit...
CVE-2025-6332
The CVE-2025-6332 entry concerns PHPGurukul Directory Management System 2.0. Affects the file /admin/manage-directory.php, where manipulation of the del parameter enables SQL injection due to insufficient input validation. This vulnerability can be exploited remotely, with public exploit disclosu...
CVE-2026-1160
CVE-2026-1160 affects PHPGurukul Directory Management System 1.0. The vulnerability is an SQL injection in the Search component, specifically the /index.php handling of the searchdata argument. The affected element is an unknown function within Search; exploitation can be remote and the exploit h...
CVE-2025-9656
PHPGurukul Directory Management System 2.0 contains a cross-site scripting vulnerability in the file /admin/add-directory.php. The issue arises from unsafely manipulating the fullname parameter, enabling remote attacker-triggered script execution. The vulnerability is publicly disclosed and can b...