Vulnerabilities > Phpgurukul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-10 | CVE-2022-24646 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. | 7.5 |
| 2022-01-31 | CVE-2022-24263 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | 9.8 |
| 2021-12-16 | CVE-2021-44315 | Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | 7.5 |
| 2021-12-16 | CVE-2021-44317 | Cross-site Scripting vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. | 5.4 |
| 2021-12-13 | CVE-2021-44965 | Path Traversal vulnerability in PHPgurukul Employee Record Management System 1.2 Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | 7.5 |
| 2021-12-13 | CVE-2021-44966 | SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. | 9.8 |
| 2021-12-01 | CVE-2021-43137 | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. | 8.8 |
| 2021-12-01 | CVE-2021-43451 | SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2 SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | 9.8 |
| 2021-11-05 | CVE-2021-39411 | Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | 6.1 |
| 2021-10-27 | CVE-2021-37805 | Cross-site Scripting vulnerability in PHPgurukul Vehicle Parking Management System 1.0 A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | 5.4 |