PHPGurukul Security Vulnerabilities
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt.
9.8CVSS
9.7AI Score
0.002EPSS
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php.
5.4CVSS
5.4AI Score
0.001EPSS
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
9.8CVSS
9.7AI Score
0.007EPSS
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
9.8CVSS
9.7AI Score
0.004EPSS
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, ...
9.8CVSS
9.7AI Score
0.255EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.
5.4CVSS
5.4AI Score
0.001EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.007EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
7.5CVSS
7.7AI Score
0.025EPSS
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
7.5CVSS
7.2AI Score
0.007EPSS
Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
5.4CVSS
5.4AI Score
0.001EPSS
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
9.8CVSS
9.3AI Score
0.003EPSS
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
5.4CVSS
5.2AI Score
0.002EPSS
PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.
5.4CVSS
5.2AI Score
0.001EPSS
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
7.8CVSS
8.1AI Score
0.0005EPSS
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
5.4CVSS
5.3AI Score
0.001EPSS
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab.
4.9CVSS
5.4AI Score
0.0005EPSS
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile" page and triggered by another user visiting the profile.
6.1CVSS
5.8AI Score
0.001EPSS
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.
9.8CVSS
9.4AI Score
0.003EPSS
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin.
4.9CVSS
5.5AI Score
0.0005EPSS
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
8.8CVSS
8.9AI Score
0.01EPSS
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
8.8CVSS
8.6AI Score
0.002EPSS
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
9.8CVSS
9.9AI Score
0.01EPSS
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
8.8CVSS
8.5AI Score
0.008EPSS
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.
9.8CVSS
9.5AI Score
0.006EPSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
6.1CVSS
6.1AI Score
0.003EPSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
8.8CVSS
9AI Score
0.311EPSS
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter.
6.1CVSS
6.2AI Score
0.001EPSS
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add...
9.8CVSS
9.6AI Score
0.015EPSS
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php.
6.1CVSS
6.8AI Score
0.016EPSS
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
7.2CVSS
7.3AI Score
0.01EPSS
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
9.8CVSS
9.7AI Score
0.003EPSS
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
6.1CVSS
5.9AI Score
0.001EPSS
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
5.4CVSS
5.1AI Score
0.001EPSS
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
8.8CVSS
9.1AI Score
0.026EPSS
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php.
8.8CVSS
9.1AI Score
0.049EPSS
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php.
9.8CVSS
9.9AI Score
0.025EPSS
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
9.8CVSS
9.4AI Score
0.142EPSS
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
9.8CVSS
9.6AI Score
0.053EPSS
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.
4.8CVSS
5.3AI Score
0.001EPSS
SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.
6.5CVSS
6.8AI Score
0.044EPSS
A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.
4.8CVSS
5.1AI Score
0.001EPSS