Vulnerabilities > Phpgurukul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-29 | CVE-2021-26304 | Cross-site Scripting vulnerability in PHPgurukul Daily Expense Tracker System 1.0 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | 3.5 |
| 2021-01-29 | CVE-2021-26303 | Cross-site Scripting vulnerability in PHPgurukul Daily Expense Tracker System 1.0 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. | 4.3 |
| 2021-01-07 | CVE-2020-35745 | Missing Authorization vulnerability in PHPgurukul Hospital Management System 4.0 PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | 8.8 |
| 2020-12-21 | CVE-2020-35151 | SQL Injection vulnerability in PHPgurukul Online Marriage Registration System 1.0 The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | 8.8 |
| 2020-11-17 | CVE-2020-28136 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Tourism Management System 1.0 An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | 8.8 |
| 2020-10-08 | CVE-2020-25271 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | 5.4 |
| 2020-10-08 | CVE-2020-25270 | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | 5.4 |
| 2020-09-22 | CVE-2020-25487 | SQL Injection vulnerability in PHPgurukul ZOO Management System 1.0 PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | 7.8 |
| 2020-08-20 | CVE-2020-23936 | SQL Injection vulnerability in PHPgurukul Vehicle Parking Management System 1.0 PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | 9.8 |
| 2020-04-28 | CVE-2020-12429 | SQL Injection vulnerability in PHPgurukul Online Course Registration 2.0 Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php. | 7.5 |