Vulnerabilities > Phpgurukul > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-22 | CVE-2020-22172 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. | 7.5 |
| 2021-06-22 | CVE-2020-22173 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. | 7.5 |
| 2021-06-22 | CVE-2020-22174 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. | 7.5 |
| 2021-06-22 | CVE-2020-22175 | SQL Injection vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. | 7.5 |
| 2021-06-22 | CVE-2020-22176 | Missing Authorization vulnerability in PHPgurukul Hospital Management System 4.0 PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. | 7.5 |
| 2021-01-07 | CVE-2020-35745 | Missing Authorization vulnerability in PHPgurukul Hospital Management System 4.0 PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | 8.8 |
| 2020-12-21 | CVE-2020-35151 | SQL Injection vulnerability in PHPgurukul Online Marriage Registration System 1.0 The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | 8.8 |
| 2020-11-17 | CVE-2020-28136 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Tourism Management System 1.0 An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | 8.8 |
| 2020-09-22 | CVE-2020-25487 | SQL Injection vulnerability in PHPgurukul ZOO Management System 1.0 PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | 7.8 |
| 2020-01-14 | CVE-2020-5509 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul CAR Rental Portal 1.0 PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. | 7.2 |