Vulnerabilities > Phpgurukul

DATE CVE VULNERABILITY TITLE RISK
2021-12-16 CVE-2021-44315 Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.
network
low complexity
phpgurukul CWE-552
7.5
2021-12-16 CVE-2021-44317 Cross-site Scripting vulnerability in PHPgurukul BUS Pass Management System 1.0
In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability.
network
low complexity
phpgurukul CWE-79
5.4
2021-12-13 CVE-2021-44965 Path Traversal vulnerability in PHPgurukul Employee Record Management System 1.2
Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server.
network
low complexity
phpgurukul CWE-22
7.5
2021-12-13 CVE-2021-44966 SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php.
network
low complexity
phpgurukul CWE-89
critical
9.8
2021-12-01 CVE-2021-43137 Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php.
network
low complexity
phpgurukul CWE-79
8.8
2021-12-01 CVE-2021-43451 SQL Injection vulnerability in PHPgurukul Employee Record Management System 1.2
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
network
low complexity
phpgurukul CWE-89
critical
9.8
2021-11-05 CVE-2021-39411 Cross-site Scripting vulnerability in PHPgurukul Hospital Management System 4.0
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
network
low complexity
phpgurukul CWE-79
6.1
2021-10-27 CVE-2021-37805 Cross-site Scripting vulnerability in PHPgurukul Vehicle Parking Management System 1.0
A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.
network
low complexity
phpgurukul CWE-79
5.4
2021-10-27 CVE-2021-37806 SQL Injection vulnerability in PHPgurukul Vehicle Parking Management System 1.0
An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0.
network
high complexity
phpgurukul CWE-89
5.9
2021-10-27 CVE-2021-37807 SQL Injection vulnerability in PHPgurukul Online Shopping Portal 3.1
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.
network
low complexity
phpgurukul CWE-89
7.5