Vulnerabilities > Phpgurukul > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-15 | CVE-2022-24226 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. | 7.5 |
2022-02-10 | CVE-2022-24646 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters. | 7.5 |
2021-12-16 | CVE-2021-44315 | Files or Directories Accessible to External Parties vulnerability in PHPgurukul BUS Pass Management System 1.0 In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server, which allows an attacker to view the sensitive files of the application, for example any file which contains sensitive information of the user or server. | 7.5 |
2021-12-13 | CVE-2021-44965 | Path Traversal vulnerability in PHPgurukul Employee Record Management System 1.2 Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server. | 7.5 |
2021-12-01 | CVE-2021-43137 | Cross-site Scripting vulnerability in PHPgurukul Hostel Management System 2.1 Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel management system 2.1 via the name field in my-profile.php. | 8.8 |
2021-10-27 | CVE-2021-37807 | SQL Injection vulnerability in PHPgurukul Online Shopping Portal 3.1 An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists within the database. | 7.5 |
2021-07-22 | CVE-2021-26762 | SQL Injection vulnerability in PHPgurukul Student Record System 4.0 SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php. | 8.8 |
2021-07-22 | CVE-2021-26764 | SQL Injection vulnerability in PHPgurukul Student Record System 4.0 SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php. | 8.8 |
2021-07-01 | CVE-2021-28423 | SQL Injection vulnerability in PHPgurukul Teachers Record Management System 1.0 Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | 8.8 |
2021-06-22 | CVE-2020-22164 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. | 7.5 |