Vulnerabilities > Phpgurukul > Employee Record Management System > 1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-28	CVE-2021-37781	Cross-site Scripting vulnerability in PHPgurukul Employee Record Management System 1.2 Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. network low complexity phpgurukul CWE-79	5.4
2022-10-28	CVE-2021-37782	SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. network low complexity phpgurukul CWE-89 critical	9.8
2021-12-13	CVE-2021-44965	Path Traversal vulnerability in PHPgurukul Employee Record Management System 1.2 Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. network low complexity phpgurukul CWE-22	7.5
2021-12-13	CVE-2021-44966	SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. network low complexity phpgurukul CWE-89 critical	9.8
2021-12-01	CVE-2021-43451	SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. network low complexity phpgurukul CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.