Vulnerabilities > Phpgurukul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-25352 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25354 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25355 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25356 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | 7.2 |
| 2025-02-13 | CVE-2025-25357 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | 7.2 |
| 2025-02-12 | CVE-2025-25349 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter. | 9.8 |
| 2025-02-12 | CVE-2025-25351 | SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1 PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter. | 9.8 |
| 2025-02-10 | CVE-2024-48170 | Cross-site Scripting vulnerability in PHPgurukul Small CRM 3.0 PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. | 5.4 |
| 2024-12-31 | CVE-2024-13085 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. | 9.8 |
| 2024-12-31 | CVE-2024-13083 | Cross-site Scripting vulnerability in PHPgurukul Land Record System 1.0 A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. | 5.4 |