29 matches found
CVE-2025-4073
CVE-2025-4073 affects PHPGurukul Student Record System 3.20. The vulnerability lies in an SQL injection in the change-password.php file, triggered by manipulating the currentpassword parameter. This allows remote exploitation and can lead to unauthorized access or data leakage per the sources des...
CVE-2024-3771
Affected product: PHPGurukul Student Record System 3.20. Vulnerability: SQL injection in /edit-subject.php caused by unsafely handling parameters sub1, sub2, sub3, sub4, and udate (remote exploitable). Several sources corroborate the issue and public disclosure. Impact: potential unauthorized dat...
CVE-2024-3770
The CVE-2024-3770 issue affects PHPGurukul Student Record System version 3.20, specifically the file /manage-courses.php?del=1. The root cause is improper validation of the del parameter, enabling SQL injection that can be triggered remotely. Public exploit guidance exists. Affected impact is hig...
CVE-2025-1902
PHPGurukul Student Record System 3.2 contains a SQL injection vulnerability in password-recovery.php, caused by improper handling of the emailid parameter. The vulnerability can be exploited remotely and is publicly disclosed, affecting unknown code paths in /password-recovery.php. Multiple conne...
CVE-2025-4112
CVE-2025-4112 affects PHPGurukul Student Record System v3.20. The issue is a SQL injection in the add-course.php file caused by manipulating the course-short parameter. Impact is potential unauthorized data access/steal from the database; exploitation is described as remote. Multiple connected so...
CVE-2025-4108
CVE-2025-4108 affects PHPGurukul Student Record System 3.20, with the vulnerability located in /add-subject.php where input parameter sub1 can be manipulated to trigger SQL injection. The issue can be exploited remotely and has been disclosed publicly, with multiple sources corroborating a SQL in...
CVE-2021-26764
CVE-2021-26764 affects PHPGurukul Student Record System version 4.0. The vulnerability is a SQL injection in the parameter “id” of the endpoint edit-std.php , caused by insufficient input validation. Remote attackers can execute arbitrary SQL statements via this parameter. Documented in multiple ...
CVE-2024-3769
PHPGurukul Student Record System 3.20 contains a SQL injection in an unknown function within /login.php, exploitable via manipulation of id/password arguments. The issue can be exploited remotely and has public disclosures. Connected sources identify remote exploitation and multiple advisories co...
CVE-2021-26762
CVE-2021-26762 affects PHPGurukul Student Record System 4.0. The vulnerability is an SQL injection in the edit-course.php handling of the cid parameter, caused by lack of input validation. Impact per sources: remote attacker could execute arbitrary SQL statements (high impact). Mitigation/remedia...
CVE-2021-26765
PHPGurukul Student Record System 4.0 is vulnerable to SQL injection via the sid parameter in edit-sub.php . Root cause: lack of validation of externally entered SQL in sid, enabling remote attackers to execute arbitrary SQL. Exploitation details are not provided in the sources. Affected version: ...
CVE-2025-5216
CVE-2025-5216 affects PHPGurukul Student Record System v3.20. The /login.php file processes the ID parameter without proper validation, leading to an SQL injection in remote attacker-controlled input. This vulnerability could allow an attacker to execute arbitrary SQL commands, potentially access...
CVE-2024-27685
CVE-2024-27685 describes a SQL injection in the “Student Record system Using PHP and MySQL v3.20” caused by lack of validation in the variables $cshortname, $cfullname, and $cdate. The vulnerability could allow a remote attacker to exfiltrate sensitive data (as reported across multiple trackers: ...
CVE-2025-6910
CVE-2025-6910 affects PHPGurukul Student Record System v3.2, with a SQL injection in the /session.php file exposed via manipulation of the session parameter. The vulnerability is exploitable remotely and is corroborated by multiple sources in connected documents, which consistently describe an un...
CVE-2025-6913
PHPGurukul Student Record System 3.2 contains a SQL injection flaw in /admin-profile.php via the aemailid parameter. Exploitation can be remote and the vulnerability has been disclosed publicly. The root cause is unsafe handling of the aemailid input in an unknown function of /admin-profile.php, ...
CVE-2025-6912
CVE-2025-6912 affects PHPGurukul Student Record System 3.2. The vulnerability is a SQL injection in /manage-students.php triggered by manipulating the del argument, enabling remote exploitation. Multiple sources consistently describe the issue as a critical SQL injection with an attacker able to ...
CVE-2025-6914
CVE-2025-6914 affects PHPGurukul Student Record System 3.2. The vulnerability is an SQL injection in an unknown functionality of the file /edit-student.php caused by manipulating the fmarks2 parameter. The attack can be launched remotely and the exploit has been publicly disclosed. Multiple conne...
CVE-2025-6915
The CVE-2025-6915 entry affects PHPGurukul Student Record System version 3.2. Affected component: /register.php. Root cause: manipulation of the session argument enabling SQL injection. Impact: remote attacker could execute arbitrary SQL, potentially accessing or modifying database data. Exploita...
CVE-2025-63955
CVE-2025-63955 is a CSRF vulnerability affecting PHPGurukul Student Record System v3.2 in the manage-students.php component. The issue allows an authenticated administrator to be tricked into submitting forged requests, resulting in unauthorized deletion of user (student) accounts and an applicat...
CVE-2025-6911
The CVE-2025-6911 entry concerns PHPGurukul Student Record System 3.2. A SQL injection vulnerability exists in /manage-subjects.php via the del parameter. Attackers can exploit remotely; exploits have been disclosed publicly. Several connected reports confirm the issue and its impact on confident...
CVE-2024-44636
CVE-2024-44636 affects PHPGurukul Student Record System 3.20. A SQL Injection flaw exists in /admin-profile.php, exploitable via the parameters adminname and aemailid . The vulnerability, confirmed across multiple sources, could allow an attacker to execute SQL commands and access database data. ...
CVE-2026-3402
CVE-2026-3402 affects PHPGurukul Student Record Management System up to version 1.0. The vulnerability targets the /edit-course.php code path, where manipulation of the Course Short Name argument enables cross-site scripting. Exploitation is remote and the exploit has been publicly disclosed. CVS...
CVE-2026-3403
Affected software: PHPGurukul Student Record Management System 1.0. Vulnerability: cross-site scripting via /edit-subject.php when the Subject parameter is manipulated. Root cause: unknown processing of the file leads to XSS. Impact: remote attacker can induce script execution; CVSS metrics indic...
CVE-2024-44639
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the add-subject.php parameters sub1, sub2, sub3, sub4, and course-short. The underlying issue is unsanitized/externally supplied SQL statements in those parameters, enabling an attacker to manipulate queries and access or mo...
CVE-2024-44630
CVE-2024-44630 affects PHPGurukul Student Record System 3.20. The vulnerability is an SQL injection in the file register.php due to insufficient input validation for multiple parameters: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, s...
CVE-2024-44632
The CVE-2024-44632 entry concerns PHPGurukul Student Record System 3.20 with a SQL Injection in password-recovery.php, exploitable via id and emailid parameters. Root cause described across multiple sources as lack of validation/execution of externally supplied SQL, enabling data leakage via the ...
CVE-2024-44635
CVE-2024-44635 affects PHPGurukul Student Record System 3.20. A cross-site scripting vulnerability exists in admin-profile.php via the adminname and aemailid parameters due to inadequate input handling. This is confirmed across multiple sources (CNVD, Red Hat, NVD, etc.). Impact per the CVSS metr...
CVE-2024-44633
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. Root cause: insufficient input validation leading to unauthorized SQL execution. Impact: potential exposure of database data (CVE-2024-44633 baseline severity MEDIUM, CVS...
CVE-2024-44640
CVE-2024-44640 affects PHPGurukul Student Record System 3.20. The vulnerability is a SQL Injection in add-course.php, exploitable via three parameters: course-short, course-full, and cdate. The underlying issue is lack of input validation/sanitization for externally supplied SQL statements in tho...
CVE-2024-55016
PHPGurukul Student Record Management System (v3.20) is vulnerable to SQL Injection in login.php via id and password parameters. Root cause appears to be lack of input validation/sanitization in the login flow, enabling attackers to inject SQL commands and potentially access or manipulate the data...