Vulnerabilities > Phpgurukul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-16 | CVE-2021-44315 | Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | 7.5 |
| 2021-12-16 | CVE-2021-44317 | Cross-site Scripting vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | 5.4 |
| 2021-12-13 | CVE-2021-44965 | Path Traversal vulnerability in PHPgurukul Employee Record Management System 1.2 Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | 7.5 |
| 2021-12-13 | CVE-2021-44966 | SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. | 9.8 |
| 2021-12-01 | CVE-2021-43137 | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. | 8.8 |
| 2021-12-01 | CVE-2021-43451 | SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | 9.8 |
| 2021-11-05 | CVE-2021-39411 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 6.1 |
| 2021-10-27 | CVE-2021-37805 | Cross-site Scripting vulnerability in PHPgurukul Vehicle Parking Management System 1.0 A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | 5.4 |
| 2021-10-27 | CVE-2021-37806 | SQL Injection vulnerability in PHPgurukul Vehicle Parking Management System 1.0 An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. | 5.9 |
| 2021-10-27 | CVE-2021-37807 | SQL Injection vulnerability in PHPgurukul Online Shopping Portal 3.1 An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | 7.5 |