19 matches found
CVE-2024-3690
CVE-2024-3690 affects PHPGurukul Small CRM 3.0, specifically the Change Password Handler. A SQL injection vulnerability arises from unsafely handled SQL in that component, allowing remote exploitation with public disclosure. Multiple connected sources corroborate the issue; no official patch/vers...
CVE-2024-3691
CVE-2024-3691 affects PHPGurukul Small CRM 3.0, specifically the Registration Page. The vulnerability is a SQL injection caused by lack of input validation on the Registration Page, with a network-based, remotely exploitable attack. Public exploit information exists. Potential impact concerns con...
CVE-2025-5226
CVE-2025-5226 concerns PHPGurukul Small CRM 3.0. The vulnerability affects the file /admin/change-password.php, where manipulation of the parameter oldpass leads to an SQL injection. The issue is remote and has public exploits disclosed. Several sources corroborate a SQL injection risk with this ...
CVE-2025-5227
The CVE-2025-5227 entry concerns PHPGurukul Small CRM 3.0 with a SQL injection in the /admin/manage-tickets.php endpoint. The vulnerability arises from unsafely handling the aremark parameter, enabling remote exploitation and potentially exposing or modifying database data. Multiple connected sou...
CVE-2024-13000
The CVE-2024-13000 entry describes a SQL injection in PHPGurukul Small CRM 1.0, caused by manipulation of the id parameter in /admin/quote-details.php. The vulnerability is network-exploitable with remote initiation, and exploits have been disclosed publicly. Affected component: the /admin/quote-...
CVE-2024-12999
CVE-2024-12999 affects PHPGurukul Small CRM 1.0. Affected component: /admin/edit-user.php where constructing or processing the id parameter enables SQL injection. Vulnerability can be exploited remotely and has been disclosed publicly. Impact is SQL-level data access/alteration as described in th...
CVE-2024-13001
CVE-2024-13001 affects PHPGurukul Small CRM 1.0. The vulnerability is an SQL injection in an unknown function of /admin/index.php, triggered by manipulating the email parameter. It can be exploited remotely and the exploit has been disclosed publicly. Reported impact is high for confidentiality, ...
CVE-2024-48170
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name field in profile.php. The vulnerability stems from insufficient filtering/escaping of user data in profile.php. CVSSv3.1 base score is 5.4 (Medium) with Network, Low attack complexity...
CVE-2025-50484
PHPGurukul Small CRM v3.0 is affected by an improper session invalidation in the /crm/change-password.php component, enabling session hijacking. The CVE-2025-50484 description consistently cites this issue across multiple sources. The vulnerability arises from failure to terminate sessions proper...
CVE-2025-10079
CVE-2025-10079 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /get-quote.php where manipulation of the contact parameter (Contact) enables a SQL injection. The issue can be exploited remotely, with exploit activity described as published and potentially usable in the wild. Doc...
CVE-2024-44648
CVE-2024-44648 affects PHPGurukul Small CRM 3.0. The vulnerability is a SQL Injection in the file quote-details.php , via the parameters id and adminremark . The root cause is lack of validation/ sanitization of externally supplied SQL statements, enabling an attacker to execute arbitrary SQL aga...
CVE-2025-10114
CVE-2025-10114 describes a SQL injection vulnerability in PHPGurukul Small CRM 4.0’s file /profile.php where the Name parameter can be manipulated to execute arbitrary SQL. The connected documents confirm remote exploitation and that the exploit has been publicly disclosed, affecting the web appl...
CVE-2025-9834
PHPGurukul Small CRM 4.0 contains a cross-site scripting vulnerability in the registration.php file, triggered by manipulating the Username parameter. The issue is exploitable remotely and an exploit has been published. Multiple connected sources (including PT-Security and Red Hat/NVD entries) co...
CVE-2025-11053
PHPGurukul Small CRM 4.0 is affected by a SQL injection in the /forgot-password.php file via the email parameter. The vulnerability is exploitable remotely and has public PoCs/exploit code. Remediation visible in connected advisories recommends applying a fix for version 4.0 of PHPGurukul Small C...
CVE-2025-10664
CVE-2025-10664 affects PHPGurukul Small CRM 4.0, specifically the file /create-ticket.php. The vulnerability is a SQL injection caused by unsafely handling the subject parameter in an unknown function, enabling remote exploitation. Multiple connected sources confirm that the exploit has been publ...
CVE-2024-44641
CVE-2024-44641 affects PHPGurukul Small CRM 3.0; the issue is a SQL Injection in the change-password.php file via the oldpass parameter. Root cause: lack of input validation/sanitization on the oldpass input, enabling attacker-controlled SQL commands. This has been reported across multiple source...
CVE-2024-44647
CVE-2024-44647 affects PHPGurukul Small CRM 3.0. The issue is a Cross-Site Scripting (XSS) vulnerability in the aremark parameter of manage-tickets.php, caused by insufficient filtering/escaping of user input. Impact is potential execution of arbitrary web scripts or HTML. Remediation: upgrade to...
CVE-2024-44644
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...
CVE-2025-15390
CVE-2025-15390 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /admin/edit-user.php where missing authorization can be exploited remotely to perform unauthorized actions. Multiple sources (NVD/Red Hat/CVE lists) consistently describe a remote-access vulnerability with publicly ...