Filtered by vendor Phpgurukul
Subscribe
Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31382 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | |||||
| CVE-2022-29007 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. | |||||
| CVE-2020-36062 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | |||||
| CVE-2023-41594 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2023-10-04 | N/A | 7.5 HIGH |
| Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | |||||
| CVE-2022-29009 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. | |||||
| CVE-2022-28992 | 1 Phpgurukul | 1 Online Banquet Booking System | 2023-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | |||||
| CVE-2022-29006 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. | |||||
| CVE-2022-31384 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | |||||
| CVE-2022-31383 | 1 Phpgurukul | 1 Directory Management System | 2023-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | |||||
| CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | |||||
| CVE-2021-37782 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | N/A | 9.8 CRITICAL |
| Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | |||||
| CVE-2021-37781 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | N/A | 5.4 MEDIUM |
| Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | |||||
| CVE-2021-43451 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | |||||
| CVE-2021-44966 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 10.0 HIGH | 9.8 CRITICAL |
| SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | |||||
| CVE-2020-35427 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | |||||
| CVE-2023-37771 | 1 Phpgurukul | 1 Art Gallery Management System | 2023-08-04 | N/A | 9.8 CRITICAL |
| Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | |||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2021-02-01 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | |||||
| CVE-2021-26303 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2021-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. | |||||
| CVE-2020-12429 | 1 Phpgurukul | 1 Online Course Registration | 2020-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php. | |||||
| CVE-2020-10106 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2020-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt. | |||||