CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13000 – PHPGurukul Small CRM quote-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-13000
29 Dec 2024 — A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12999 – PHPGurukul Small CRM edit-user.php sql injection
https://notcve.org/view.php?id=CVE-2024-12999
29 Dec 2024 — A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12982 – PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12982
27 Dec 2024 — A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. • https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12977 – PHPGurukul Complaint Management System state.php sql injection
https://notcve.org/view.php?id=CVE-2024-12977
27 Dec 2024 — A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-12955
26 Dec 2024 — A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/52256 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54810
https://notcve.org/view.php?id=CVE-2024-54810
12 Dec 2024 — A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Pre-School%20Enrollment/SQL%20Injection%20pre-school%20pa.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54811
https://notcve.org/view.php?id=CVE-2024-54811
12 Dec 2024 — A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Park%20ticket/report%20sql.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54842
https://notcve.org/view.php?id=CVE-2024-54842
12 Dec 2024 — A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. • https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-forgetpass-mobileno.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2024-55099
https://notcve.org/view.php?id=CVE-2024-55099
12 Dec 2024 — A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter. • https://github.com/kuzgunaka/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability- • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55268
https://notcve.org/view.php?id=CVE-2024-55268
06 Dec 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. • https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/COVID19/Reflected%20Cross%20Site%20reg.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •