Filtered by vendor Phpgurukul
Total: 238 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | 9.9 Critical |
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | ||||
CVE-2023-46584 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-09-11 | 9.8 Critical |
SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | ||||
CVE-2023-46583 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2024-09-10 | 6.1 Medium |
Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field. | ||||
CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | ||||
CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | ||||
CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | ||||
CVE-2024-8470 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8469 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8468 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8467 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-0360 | 1 Phpgurukul | 1 Hospital Management System | 2024-09-03 | 5.5 Medium |
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127. | ||||
CVE-2023-46024 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-09-03 | 7.5 High |
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter. | ||||
CVE-2023-46025 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-09-03 | 4.9 Medium |
SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. | ||||
CVE-2023-46026 | 1 Phpgurukul | 1 Teacher Subject Allocation Management System | 2024-09-03 | 4.8 Medium |
Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters. | ||||
CVE-2023-47445 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2024-08-29 | 9.8 Critical |
Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | ||||
CVE-2023-47446 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2024-08-29 | 5.4 Medium |
Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. | ||||
CVE-2024-40484 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | 6.1 Medium |
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. |