CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26766
https://notcve.org/view.php?id=CVE-2020-26766
26 Dec 2020 — A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. Se presenta una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en la página loginsystem en PHPGurukul User Registration & Login and User Management System With Admin Panel versión 2.1 • https://www.exploit-db.com/exploits/49180 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-24723
https://notcve.org/view.php?id=CVE-2020-24723
18 Nov 2020 — Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en la página de Registro del panel de administración en PHPGurukul User Registration & Login and User Management System With admin panel versión 2.1 • https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2020-25952
https://notcve.org/view.php?id=CVE-2020-25952
16 Nov 2020 — SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. Una vulnerabilidad de inyección SQL en el panel de administración de PHPGurukul User Registration & Login and User Management System With versión 2.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios y omitir la autenticación • https://phpgurukul.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6922
https://notcve.org/view.php?id=CVE-2006-6922
13 Jan 2007 — SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Deadlock User Management System (phpdeadlock) 0.64 y anteriores permiten a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://osvdb.org/36588 •