Vulnerabilities > Phpgurukul > BUS Pass Management System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-35155 | Cross-site Scripting vulnerability in PHPgurukul BUS Pass Management System 1.0 Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. | 6.1 |
| 2022-09-30 | CVE-2022-35156 | SQL Injection vulnerability in PHPgurukul BUS Pass Management System 1.0 Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. | 9.8 |
| 2022-08-22 | CVE-2022-36198 | SQL Injection vulnerability in PHPgurukul BUS Pass Management System 1.0 Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | 9.8 |
| 2022-05-11 | CVE-2022-29008 | Authorization Bypass Through User-Controlled Key vulnerability in PHPgurukul BUS Pass Management System 1.0 An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | 6.5 |
| 2021-12-16 | CVE-2021-44315 | Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | 7.5 |
| 2021-12-16 | CVE-2021-44317 | Cross-site Scripting vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | 5.4 |