Lucene search
K
PhpgurukulSmall Crm

19 matches found

CVE
CVE
added 2024/04/12 3:0 p.m.62 views

CVE-2024-3690

CVE-2024-3690 affects PHPGurukul Small CRM 3.0, specifically the Change Password Handler. A SQL injection vulnerability arises from unsafely handled SQL in that component, allowing remote exploitation with public disclosure. Multiple connected sources corroborate the issue; no official patch/vers...

8.8CVSS7.3AI score0.01284EPSS
CVE
CVE
added 2024/04/12 3:31 p.m.60 views

CVE-2024-3691

CVE-2024-3691 affects PHPGurukul Small CRM 3.0, specifically the Registration Page. The vulnerability is a SQL injection caused by lack of input validation on the Registration Page, with a network-based, remotely exploitable attack. Public exploit information exists. Potential impact concerns con...

9.8CVSS7.2AI score0.00924EPSS
CVE
CVE
added 2025/05/27 2:31 a.m.56 views

CVE-2025-5226

CVE-2025-5226 concerns PHPGurukul Small CRM 3.0. The vulnerability affects the file /admin/change-password.php, where manipulation of the parameter oldpass leads to an SQL injection. The issue is remote and has public exploits disclosed. Several sources corroborate a SQL injection risk with this ...

7.5CVSS7.5AI score0.00364EPSS
Web
CVE
CVE
added 2025/05/27 3:0 a.m.55 views

CVE-2025-5227

The CVE-2025-5227 entry concerns PHPGurukul Small CRM 3.0 with a SQL injection in the /admin/manage-tickets.php endpoint. The vulnerability arises from unsafely handling the aremark parameter, enabling remote exploitation and potentially exposing or modifying database data. Multiple connected sou...

7.5CVSS7.5AI score0.00364EPSS
Web
CVE
CVE
added 2024/12/29 2:31 a.m.54 views

CVE-2024-13000

The CVE-2024-13000 entry describes a SQL injection in PHPGurukul Small CRM 1.0, caused by manipulation of the id parameter in /admin/quote-details.php. The vulnerability is network-exploitable with remote initiation, and exploits have been disclosed publicly. Affected component: the /admin/quote-...

9.8CVSS6.8AI score0.00479EPSS
Web
CVE
CVE
added 2024/12/29 2:0 a.m.50 views

CVE-2024-12999

CVE-2024-12999 affects PHPGurukul Small CRM 1.0. Affected component: /admin/edit-user.php where constructing or processing the id parameter enables SQL injection. Vulnerability can be exploited remotely and has been disclosed publicly. Impact is SQL-level data access/alteration as described in th...

9.8CVSS6.8AI score0.00479EPSS
Web
CVE
CVE
added 2024/12/29 3:0 a.m.48 views

CVE-2024-13001

CVE-2024-13001 affects PHPGurukul Small CRM 1.0. The vulnerability is an SQL injection in an unknown function of /admin/index.php, triggered by manipulating the email parameter. It can be exploited remotely and the exploit has been disclosed publicly. Reported impact is high for confidentiality, ...

9.8CVSS6.8AI score0.00406EPSS
Web
CVE
CVE
added 2025/02/10 12:0 a.m.45 views

CVE-2024-48170

PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name field in profile.php. The vulnerability stems from insufficient filtering/escaping of user data in profile.php. CVSSv3.1 base score is 5.4 (Medium) with Network, Low attack complexity...

5.4CVSS5.6AI score0.00223EPSS
CVE
CVE
added 2025/07/28 12:0 a.m.29 views

CVE-2025-50484

PHPGurukul Small CRM v3.0 is affected by an improper session invalidation in the /crm/change-password.php component, enabling session hijacking. The CVE-2025-50484 description consistently cites this issue across multiple sources. The vulnerability arises from failure to terminate sessions proper...

7.1CVSS6.7AI score0.00261EPSS
CVE
CVE
added 2025/09/08 2:32 a.m.20 views

CVE-2025-10079

CVE-2025-10079 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /get-quote.php where manipulation of the contact parameter (Contact) enables a SQL injection. The issue can be exploited remotely, with exploit activity described as published and potentially usable in the wild. Doc...

9.8CVSS7.2AI score0.00379EPSS
CVE
CVE
added 2025/11/17 12:0 a.m.19 views

CVE-2024-44648

CVE-2024-44648 affects PHPGurukul Small CRM 3.0. The vulnerability is a SQL Injection in the file quote-details.php , via the parameters id and adminremark . The root cause is lack of validation/ sanitization of externally supplied SQL statements, enabling an attacker to execute arbitrary SQL aga...

6.5CVSS7.6AI score0.00215EPSS
CVE
CVE
added 2025/09/09 12:32 a.m.19 views

CVE-2025-10114

CVE-2025-10114 describes a SQL injection vulnerability in PHPGurukul Small CRM 4.0’s file /profile.php where the Name parameter can be manipulated to execute arbitrary SQL. The connected documents confirm remote exploitation and that the exploit has been publicly disclosed, affecting the web appl...

9.8CVSS7.4AI score0.00384EPSS
CVE
CVE
added 2025/09/02 9:2 p.m.18 views

CVE-2025-9834

PHPGurukul Small CRM 4.0 contains a cross-site scripting vulnerability in the registration.php file, triggered by manipulating the Username parameter. The issue is exploitable remotely and an exploit has been published. Multiple connected sources (including PT-Security and Red Hat/NVD entries) co...

5.4CVSS3.8AI score0.00256EPSS
CVE
CVE
added 2025/09/27 8:32 a.m.17 views

CVE-2025-11053

PHPGurukul Small CRM 4.0 is affected by a SQL injection in the /forgot-password.php file via the email parameter. The vulnerability is exploitable remotely and has public PoCs/exploit code. Remediation visible in connected advisories recommends applying a fix for version 4.0 of PHPGurukul Small C...

9.8CVSS6.7AI score0.00387EPSS
CVE
CVE
added 2025/09/18 12:2 p.m.15 views

CVE-2025-10664

CVE-2025-10664 affects PHPGurukul Small CRM 4.0, specifically the file /create-ticket.php. The vulnerability is a SQL injection caused by unsafely handling the subject parameter in an unknown function, enabling remote exploitation. Multiple connected sources confirm that the exploit has been publ...

9.8CVSS6.7AI score0.00387EPSS
CVE
CVE
added 2025/11/17 12:0 a.m.13 views

CVE-2024-44641

CVE-2024-44641 affects PHPGurukul Small CRM 3.0; the issue is a SQL Injection in the change-password.php file via the oldpass parameter. Root cause: lack of input validation/sanitization on the oldpass input, enabling attacker-controlled SQL commands. This has been reported across multiple source...

6.5CVSS7.6AI score0.00215EPSS
CVE
CVE
added 2025/11/17 12:0 a.m.12 views

CVE-2024-44647

CVE-2024-44647 affects PHPGurukul Small CRM 3.0. The issue is a Cross-Site Scripting (XSS) vulnerability in the aremark parameter of manage-tickets.php, caused by insufficient filtering/escaping of user input. Impact is potential execution of arbitrary web scripts or HTML. Remediation: upgrade to...

6.1CVSS5.8AI score0.00196EPSS
CVE
CVE
added 2025/11/17 12:0 a.m.11 views

CVE-2024-44644

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...

6.5CVSS7.6AI score0.00215EPSS
CVE
CVE
added 2025/12/31 3:32 p.m.10 views

CVE-2025-15390

CVE-2025-15390 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /admin/edit-user.php where missing authorization can be exploited remotely to perform unauthorized actions. Multiple sources (NVD/Red Hat/CVE lists) consistently describe a remote-access vulnerability with publicly ...

8.8CVSS6.2AI score0.00345EPSS