
CVE-2025-2047 – PHPGurukul Art Gallery Management System search.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2047
06 Mar 2025 — A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/chenyihao-cyber/CVE/issues/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-51978
https://notcve.org/view.php?id=CVE-2023-51978
12 Jan 2024 — In PHPGurukul Art Gallery Management System v1.1, the "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL Injection. • https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-37771
https://notcve.org/view.php?id=CVE-2023-37771
31 Jul 2023 — Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. • https://github.com/anky-123/CVE-2023-37771 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-24726
https://notcve.org/view.php?id=CVE-2023-24726
15 Mar 2023 — Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. • https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-24726/CVE-2023-24726.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-23155
https://notcve.org/view.php?id=CVE-2023-23155
27 Feb 2023 — Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. • https://gist.github.com/y0gesh-verma/3de9b3e3f0d2b63c07e6704e232d9620 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-23156 – Art Gallery Management System Project in PHP v 1.0 - SQL injection
https://notcve.org/view.php?id=CVE-2023-23156
27 Feb 2023 — Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. • https://www.exploit-db.com/exploits/51272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-23157
https://notcve.org/view.php?id=CVE-2023-23157
27 Feb 2023 — A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. • https://github.com/y0gesh-verma/CVE/blob/main/CVE-2023-23157/CVE-2023-23157.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23158
https://notcve.org/view.php?id=CVE-2023-23158
27 Feb 2023 — A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page. • https://github.com/y0gesh-verma/CVE/blob/main/CVE-2023-23158/CVE-2023-23158.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23161 – Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23161
10 Feb 2023 — A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. Art Gallery Management System Project version 1.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/171642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23162 – Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
https://notcve.org/view.php?id=CVE-2023-23162
10 Feb 2023 — Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. Art Gallery Management System Project version 1.0 suffers from multiple remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/171643 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •