8 matches found
CVE-2025-5599
CVE-2025-5599 affects PHPGurukul Student Result Management System 1.3. The vulnerability resides in /editmyexp.php where manipulation of the emp1ctc parameter enables SQL injection. The issue can be exploited remotely and has public disclosure. Impact is described as high for confidentiality, int...
CVE-2023-48722
CVE-2023-48722 affects the “Student Result Management System v1.0.” The vulnerability is described as multiple unauthenticated SQL injection flaws in the add_results.php resource, caused by failure to validate the characters in the class_name parameter, which is sent unfiltered to the database. D...
CVE-2023-48720
CVE-2023-48720 affects the Student Result Management System v1.0 . The vulnerability is multiple unauthenticated SQL injection in the login.php resource, where the password parameter is not validated and is passed unfiltered to the database. This leads to potential disclosure, modification, or da...
CVE-2025-7534
CVE-2025-7534 affects PHPGurukul Student Result Management System 2.0, specifically the GET Parameter Handler in /notice-details.php where the nid parameter is not properly sanitized, allowing SQL injection. The vulnerability enables remote exploitation and has had exploits disclosed publicly. Mu...
CVE-2023-48718
The CVE-2023-48718 entry affects Student Result Management System v1.0, with unauthenticated SQL Injection via the add_students.php resource where the class_name parameter is not validated before sending to the database. Root cause: unsanitized user input reaching SQL queries. Impact: high (per C...
CVE-2025-50489
CVE-2025-50489 affects the PHPGurukul Student Result Management System v2.0, specifically the /srms/change-password.php component. The issue is improper session invalidation, which enables session hijacking attacks. The CVSS details indicate network access with low attack complexity and no privil...
CVE-2025-50490
CVE-2025-50490 affects PHPGurukul Student Result Management System v2.0, with the vulnerable component /elms/emp-changepassword.php experiencing improper session invalidation that enables session hijacking. The issue is described across multiple sources (Red Hat, NVD, CNVD, CVE List) as a vulnera...
CVE-2025-56710
CVE-2025-56710 describes a Cross-Site Request Forgery (CSRF) in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. The vulnerability allows an attacker to trick an authenticated user into submitting unauthorized requests to the endpoint /create-class.php, potentia...