Filtered by vendor Phpgurukul
Subscriptions
Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48282 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 7.6 High |
| A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the femail parameter in a POST HTTP request. | ||||
| CVE-2024-48283 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 9.8 Critical |
| Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. | ||||
| CVE-2024-48279 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 7.6 High |
| A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. | ||||
| CVE-2024-48280 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 7.6 High |
| A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request. | ||||
| CVE-2024-9326 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-10-02 | 7.3 High |
| A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-09-26 | 5.9 Medium |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | ||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | 9.9 Critical |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | ||||
| CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | ||||
| CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | ||||
| CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
| Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | ||||
| CVE-2024-8470 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8469 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8468 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8467 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
| SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | ||||
| CVE-2024-40484 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. | ||||
| CVE-2024-40481 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-15 | 6.1 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter. | ||||
| CVE-2024-40477 | 1 Phpgurukul | 1 Old Age Home Management System | 2024-08-13 | 9.8 Critical |
| A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. | ||||