5 matches found
CVE-2024-50991
The CVE-2024-50991 entry concerns PHPGurukul User Management System v1.0, with an XSS flaw in /ums-sp/admin/registered-users.php. The vulnerability allows remote attackers to execute arbitrary code via the fname parameter in a POST request. The available documents consistently identify the affect...
CVE-2025-9302
PHPGurukul User Management System 1.0 is affected by a SQL injection in signup.php via the emailid parameter. The vulnerability allows remote exploitation with a publicly available exploit, as confirmed by multiple connected sources (CNVD/PT-2025-34224/CNNVD-like reports). Root cause: lack of val...
CVE-2025-10624
CVE-2025-10624 affects PHPGurukul User Management System 1.0. The vulnerability lies in the login.php file where manipulating the emailid parameter enables SQL injection—remotely exploitable; public exploit referenced. Severity varies by source, but core sources describe potential exposure of dat...
CVE-2025-10098
PHPGurukul User Management System 1.0 has a SQL injection in /admin/edit-user-profile.php when the uid argument is manipulated. The vulnerability is exploitable remotely, and public exploits have been released. The CVE is corroborated across NVD and other feeds (Red Hat, CVE List, PT Security) wi...
CVE-2025-9756
The CVE-2025-9756 entry concerns PHPGurukul User Management System v1.0, with a flaw in /admin/change-emailid.php where manipulating the uid parameter leads to SQL injection. Exploitation is remote and the exploit has been published. Public sources consistently describe a SQL injection in the uid...