ReportizFlow
Filtered by vendor Phpgurukul
Subscriptions
Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-28 | 9.8 Critical |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | ||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-28 | 7.2 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | ||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-28 | 8.8 High |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | ||||
| CVE-2026-39109 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2026-04-27 | 9.4 Critical |
| SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents. | ||||
| CVE-2026-39110 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2026-04-27 | 8.2 High |
| SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve sensitive database contents. | ||||
| CVE-2026-39111 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2026-04-27 | 7.5 High |
| SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries and retrieve sensitive user data. | ||||
| CVE-2026-39112 | 1 Phpgurukul | 1 Apartment Visitors Management System | 2026-04-27 | 5.4 Medium |
| Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in manage-newvisitors.php or visitor-detail.php. | ||||
| CVE-2026-5560 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-24 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5558 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-24 | 6.3 Medium |
| A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5552 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-24 | 6.3 Medium |
| A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5543 | 1 Phpgurukul | 1 User Registration & Login And User Management System | 2026-04-24 | 6.3 Medium |
| A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | ||||
| CVE-2026-5814 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-24 | 7.3 High |
| A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5813 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-24 | 7.3 High |
| A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5837 | 1 Phpgurukul | 1 News Portal Project | 2026-04-24 | 7.3 High |
| A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5838 | 1 Phpgurukul | 1 News Portal Project | 2026-04-24 | 4.7 Medium |
| A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5840 | 1 Phpgurukul | 1 News Portal Project | 2026-04-24 | 4.7 Medium |
| A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5839 | 1 Phpgurukul | 1 News Portal Project | 2026-04-24 | 4.7 Medium |
| A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-6162 | 1 Phpgurukul | 1 Company Visitor Management System | 2026-04-24 | 3.5 Low |
| A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56216 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-23 | 8.5 High |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | ||||
| CVE-2025-56215 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-23 | 6.5 Medium |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | ||||