CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6766 – PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-6766
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_delete_course.md https://vuldb.com/?ctiid.247896 https://vuldb.com/?id.247896 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6653 – PHPGurukul Teacher Subject Allocation Management System Create a new Subject subject.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-6653
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/csrf_add_sub.md https://vuldb.com/?ctiid.247346 https://vuldb.com/?id.247346 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6649 – PHPGurukul Teacher Subject Allocation Management System index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6649
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/tsas-reflected-xss.md https://vuldb.com/?ctiid.247342 https://vuldb.com/?id.247342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6648 – PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection
https://notcve.org/view.php?id=CVE-2023-6648
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md https://vuldb.com/?ctiid.247341 https://vuldb.com/?id.247341 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6474 – PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-6474
A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/dhabaleshwar/niv_testing_csrf/blob/main/exploit.md https://vuldb.com/?ctiid.246640 https://vuldb.com/?id.246640 • CWE-352: Cross-Site Request Forgery (CSRF) •