Filtered by vendor Phpgurukul
Subscribe
Total
234 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37806 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | |||||
CVE-2021-42224 | 1 Phpgurukul | 1 Ifsc Code Finder | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. | |||||
CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | |||||
CVE-2021-44315 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. | |||||
CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | |||||
CVE-2021-33469 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. | |||||
CVE-2020-22175 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
CVE-2020-22166 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
CVE-2021-26765 | 1 Phpgurukul | 1 Student Record System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | |||||
CVE-2020-22170 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
CVE-2020-22172 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | |||||
CVE-2021-33470 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | |||||
CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | |||||
CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
CVE-2020-22164 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. | |||||
CVE-2021-26762 | 1 Phpgurukul | 1 Student Record System | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | |||||
CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | |||||
CVE-2021-27822 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. |