Filtered by vendor Phpgurukul
Subscriptions
Total
319 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-39411 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 6.1 Medium |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | ||||
CVE-2021-37808 | 1 Phpgurukul | 1 News Portal | 2024-11-21 | 5.9 Medium |
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | ||||
CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-11-21 | 7.5 High |
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | ||||
CVE-2021-37806 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 5.9 Medium |
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | ||||
CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 5.4 Medium |
A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | ||||
CVE-2021-37782 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 9.8 Critical |
Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | ||||
CVE-2021-37781 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 5.4 Medium |
Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | ||||
CVE-2021-35388 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php. | ||||
CVE-2021-35387 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 8.8 High |
Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php. | ||||
CVE-2021-33470 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-11-21 | 9.8 Critical |
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | ||||
CVE-2021-33469 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-11-21 | 4.8 Medium |
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. | ||||
CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | ||||
CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 8.8 High |
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | ||||
CVE-2021-27822 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 4.8 Medium |
A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. | ||||
CVE-2021-27545 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 6.5 Medium |
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter. | ||||
CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.8 Medium |
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | ||||
CVE-2021-26822 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 9.8 Critical |
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. | ||||
CVE-2021-26809 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-21 | 9.8 Critical |
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. | ||||
CVE-2021-26765 | 1 Phpgurukul | 1 Student Record System | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php. | ||||
CVE-2021-26764 | 1 Phpgurukul | 1 Student Record System | 2024-11-21 | 8.8 High |
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. |