Lucene search
+L
PhpgurukulStudent Record System

29 matches found

cve
cve
added 2025/04/29 5:0 p.m.67 views

CVE-2025-4073

CVE-2025-4073 affects PHPGurukul Student Record System 3.20. The vulnerability lies in an SQL injection in the change-password.php file, triggered by manipulating the currentpassword parameter. This allows remote exploitation and can lead to unauthorized access or data leakage per the sources des...

9.8CVSS7.5AI score0.00498EPSS
cve
cve
added 2024/04/15 5:31 a.m.66 views

CVE-2024-3771

Affected product: PHPGurukul Student Record System 3.20. Vulnerability: SQL injection in /edit-subject.php caused by unsafely handling parameters sub1, sub2, sub3, sub4, and udate (remote exploitable). Several sources corroborate the issue and public disclosure. Impact: potential unauthorized dat...

8.8CVSS7.3AI score0.00795EPSS
Web
cve
cve
added 2024/04/15 5:0 a.m.64 views

CVE-2024-3770

The CVE-2024-3770 issue affects PHPGurukul Student Record System version 3.20, specifically the file /manage-courses.php?del=1. The root cause is improper validation of the del parameter, enabling SQL injection that can be triggered remotely. Public exploit guidance exists. Affected impact is hig...

9.8CVSS7.3AI score0.00844EPSS
cve
cve
added 2025/03/04 4:0 a.m.61 views

CVE-2025-1902

PHPGurukul Student Record System 3.2 contains a SQL injection vulnerability in password-recovery.php, caused by improper handling of the emailid parameter. The vulnerability can be exploited remotely and is publicly disclosed, affecting unknown code paths in /password-recovery.php. Multiple conne...

9.8CVSS7.6AI score0.00559EPSS
cve
cve
added 2025/04/30 11:0 a.m.58 views

CVE-2025-4112

CVE-2025-4112 affects PHPGurukul Student Record System v3.20. The issue is a SQL injection in the add-course.php file caused by manipulating the course-short parameter. Impact is potential unauthorized data access/steal from the database; exploitation is described as remote. Multiple connected so...

9.8CVSS7.5AI score0.00432EPSS
cve
cve
added 2025/04/30 10:0 a.m.57 views

CVE-2025-4108

CVE-2025-4108 affects PHPGurukul Student Record System 3.20, with the vulnerability located in /add-subject.php where input parameter sub1 can be manipulated to trigger SQL injection. The issue can be exploited remotely and has been disclosed publicly, with multiple sources corroborating a SQL in...

9.8CVSS7.4AI score0.00432EPSS
cve
cve
added 2021/07/22 3:56 p.m.56 views

CVE-2021-26764

CVE-2021-26764 affects PHPGurukul Student Record System version 4.0. The vulnerability is a SQL injection in the parameter “id” of the endpoint edit-std.php , caused by insufficient input validation. Remote attackers can execute arbitrary SQL statements via this parameter. Documented in multiple ...

8.8CVSS9.1AI score0.02491EPSS
cve
cve
added 2024/04/15 4:0 a.m.55 views

CVE-2024-3769

PHPGurukul Student Record System 3.20 contains a SQL injection in an unknown function within /login.php, exploitable via manipulation of id/password arguments. The issue can be exploited remotely and has public disclosures. Connected sources identify remote exploitation and multiple advisories co...

9.8CVSS7.3AI score0.0095EPSS
Web
cve
cve
added 2025/05/27 12:31 a.m.47 views

CVE-2025-5216

CVE-2025-5216 affects PHPGurukul Student Record System v3.20. The /login.php file processes the ID parameter without proper validation, leading to an SQL injection in remote attacker-controlled input. This vulnerability could allow an attacker to execute arbitrary SQL commands, potentially access...

9.8CVSS7.6AI score0.00472EPSS
cve
cve
added 2021/07/22 3:43 p.m.46 views

CVE-2021-26762

CVE-2021-26762 affects PHPGurukul Student Record System 4.0. The vulnerability is an SQL injection in the edit-course.php handling of the cid parameter, caused by lack of input validation. Impact per sources: remote attacker could execute arbitrary SQL statements (high impact). Mitigation/remedia...

8.8CVSS9.1AI score0.02265EPSS
cve
cve
added 2021/07/22 3:33 p.m.46 views

CVE-2021-26765

PHPGurukul Student Record System 4.0 is vulnerable to SQL injection via the sid parameter in edit-sub.php . Root cause: lack of validation of externally entered SQL in sid, enabling remote attackers to execute arbitrary SQL. Exploitation details are not provided in the sources. Affected version: ...

9.8CVSS9.9AI score0.02924EPSS
cve
cve
added 2025/06/25 12:0 a.m.34 views

CVE-2024-27685

CVE-2024-27685 describes a SQL injection in the “Student Record system Using PHP and MySQL v3.20” caused by lack of validation in the variables $cshortname, $cfullname, and $cdate. The vulnerability could allow a remote attacker to exfiltrate sensitive data (as reported across multiple trackers: ...

7.1CVSS7.8AI score0.00282EPSS
cve
cve
added 2025/06/30 2:2 p.m.28 views

CVE-2025-6910

CVE-2025-6910 affects PHPGurukul Student Record System v3.2, with a SQL injection in the /session.php file exposed via manipulation of the session parameter. The vulnerability is exploitable remotely and is corroborated by multiple sources in connected documents, which consistently describe an un...

8.8CVSS7.6AI score0.00318EPSS
cve
cve
added 2025/06/30 3:32 p.m.27 views

CVE-2025-6913

PHPGurukul Student Record System 3.2 contains a SQL injection flaw in /admin-profile.php via the aemailid parameter. Exploitation can be remote and the vulnerability has been disclosed publicly. The root cause is unsafe handling of the aemailid input in an unknown function of /admin-profile.php, ...

8.8CVSS6.9AI score0.00318EPSS
cve
cve
added 2025/06/30 3:2 p.m.25 views

CVE-2025-6912

CVE-2025-6912 affects PHPGurukul Student Record System 3.2. The vulnerability is a SQL injection in /manage-students.php triggered by manipulating the del argument, enabling remote exploitation. Multiple sources consistently describe the issue as a critical SQL injection with an attacker able to ...

8.8CVSS6.8AI score0.00318EPSS
cve
cve
added 2025/06/30 4:2 p.m.24 views

CVE-2025-6914

CVE-2025-6914 affects PHPGurukul Student Record System 3.2. The vulnerability is an SQL injection in an unknown functionality of the file /edit-student.php caused by manipulating the fmarks2 parameter. The attack can be launched remotely and the exploit has been publicly disclosed. Multiple conne...

8.8CVSS7.7AI score0.00318EPSS
cve
cve
added 2025/06/30 4:32 p.m.24 views

CVE-2025-6915

The CVE-2025-6915 entry affects PHPGurukul Student Record System version 3.2. Affected component: /register.php. Root cause: manipulation of the session argument enabling SQL injection. Impact: remote attacker could execute arbitrary SQL, potentially accessing or modifying database data. Exploita...

8.8CVSS7.6AI score0.00318EPSS
cve
cve
added 2025/11/18 12:0 a.m.21 views

CVE-2025-63955

CVE-2025-63955 is a CSRF vulnerability affecting PHPGurukul Student Record System v3.2 in the manage-students.php component. The issue allows an authenticated administrator to be tricked into submitting forged requests, resulting in unauthorized deletion of user (student) accounts and an applicat...

7.5CVSS6.2AI score0.00204EPSS
Web
cve
cve
added 2025/06/30 2:32 p.m.21 views

CVE-2025-6911

The CVE-2025-6911 entry concerns PHPGurukul Student Record System 3.2. A SQL injection vulnerability exists in /manage-subjects.php via the del parameter. Attackers can exploit remotely; exploits have been disclosed publicly. Several connected reports confirm the issue and its impact on confident...

8.8CVSS6.8AI score0.00341EPSS
cve
cve
added 2026/03/02 1:2 a.m.19 views

CVE-2026-3403

Affected software: PHPGurukul Student Record Management System 1.0. Vulnerability: cross-site scripting via /edit-subject.php when the Subject parameter is manipulated. Root cause: unknown processing of the file leads to XSS. Impact: remote attacker can induce script execution; CVSS metrics indic...

4.8CVSS4.5AI score0.00202EPSS
cve
cve
added 2025/11/14 12:0 a.m.18 views

CVE-2024-44636

CVE-2024-44636 affects PHPGurukul Student Record System 3.20. A SQL Injection flaw exists in /admin-profile.php, exploitable via the parameters adminname and aemailid . The vulnerability, confirmed across multiple sources, could allow an attacker to execute SQL commands and access database data. ...

6.5CVSS7.6AI score0.00192EPSS
cve
cve
added 2025/11/14 12:0 a.m.18 views

CVE-2024-44639

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the add-subject.php parameters sub1, sub2, sub3, sub4, and course-short. The underlying issue is unsanitized/externally supplied SQL statements in those parameters, enabling an attacker to manipulate queries and access or mo...

6.5CVSS7.6AI score0.00235EPSS
cve
cve
added 2026/03/02 12:32 a.m.18 views

CVE-2026-3402

CVE-2026-3402 affects PHPGurukul Student Record Management System up to version 1.0. The vulnerability targets the /edit-course.php code path, where manipulation of the Course Short Name argument enables cross-site scripting. Exploitation is remote and the exploit has been publicly disclosed. CVS...

4.8CVSS4.2AI score0.00202EPSS
cve
cve
added 2025/11/14 12:0 a.m.15 views

CVE-2024-44630

CVE-2024-44630 affects PHPGurukul Student Record System 3.20. The vulnerability is an SQL injection in the file register.php due to insufficient input validation for multiple parameters: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, s...

6.5CVSS7.2AI score0.00235EPSS
cve
cve
added 2025/11/14 12:0 a.m.15 views

CVE-2024-44632

The CVE-2024-44632 entry concerns PHPGurukul Student Record System 3.20 with a SQL Injection in password-recovery.php, exploitable via id and emailid parameters. Root cause described across multiple sources as lack of validation/execution of externally supplied SQL, enabling data leakage via the ...

6.5CVSS7.6AI score0.00235EPSS
cve
cve
added 2025/11/14 12:0 a.m.15 views

CVE-2024-44635

CVE-2024-44635 affects PHPGurukul Student Record System 3.20. A cross-site scripting vulnerability exists in admin-profile.php via the adminname and aemailid parameters due to inadequate input handling. This is confirmed across multiple sources (CNVD, Red Hat, NVD, etc.). Impact per the CVSS metr...

6.1CVSS5.8AI score0.0022EPSS
cve
cve
added 2025/11/14 12:0 a.m.14 views

CVE-2024-44633

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. Root cause: insufficient input validation leading to unauthorized SQL execution. Impact: potential exposure of database data (CVE-2024-44633 baseline severity MEDIUM, CVS...

6.5CVSS7.6AI score0.00235EPSS
cve
cve
added 2025/11/14 12:0 a.m.12 views

CVE-2024-44640

CVE-2024-44640 affects PHPGurukul Student Record System 3.20. The vulnerability is a SQL Injection in add-course.php, exploitable via three parameters: course-short, course-full, and cdate. The underlying issue is lack of input validation/sanitization for externally supplied SQL statements in tho...

6.5CVSS7.6AI score0.00235EPSS
cve
cve
added 2025/11/14 12:0 a.m.12 views

CVE-2024-55016

PHPGurukul Student Record Management System (v3.20) is vulnerable to SQL Injection in login.php via id and password parameters. Root cause appears to be lack of input validation/sanitization in the login flow, enabling attackers to inject SQL commands and potentially access or manipulate the data...

6.5CVSS7.7AI score0.00235EPSS