CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50491
https://notcve.org/view.php?id=CVE-2025-50491
28 Jul 2025 — Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /banker/change-password.php de PHPGurukul Bank Locker Management System v1 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://bank.com • CWE-613: Insufficient Session Expiration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50492
https://notcve.org/view.php?id=CVE-2025-50492
28 Jul 2025 — Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /edms/change-password.php de PHPGurukul e-Diary Management System v1 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://e-diary.com • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50493
https://notcve.org/view.php?id=CVE-2025-50493
28 Jul 2025 — Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /doctor/change-password.php de PHPGurukul Doctor Appointment Management System v1 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://doctor.com • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50494
https://notcve.org/view.php?id=CVE-2025-50494
28 Jul 2025 — Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /doctor/change-password.php de PHPGurukul Car Washing Management System v1.0 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://car.com • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8179 – PHPGurukul Local Services Search Engine Management System changeimage.php sql injection
https://notcve.org/view.php?id=CVE-2025-8179
26 Jul 2025 — A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yuan-max11/mycve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8158 – PHPGurukul Login and User Management System yesterday-reg-users.php sql injection
https://notcve.org/view.php?id=CVE-2025-8158
25 Jul 2025 — A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. • https://github.com/secfake/mycve/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8157 – PHPGurukul User Registration & Login and User Management lastthirtyays-reg-users.php sql injection
https://notcve.org/view.php?id=CVE-2025-8157
25 Jul 2025 — A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/secfake/mycve/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8156 – PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection
https://notcve.org/view.php?id=CVE-2025-8156
25 Jul 2025 — A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/secfake/mycve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2025-8134 – PHPGurukul BP Monitoring Management System bwdates-report-result.php sql injection
https://notcve.org/view.php?id=CVE-2025-8134
25 Jul 2025 — A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LagonGit/ReportCVE/issues/13 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8115 – PHPGurukul Taxi Stand Management System new-autoortaxi-entry-form.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-8115
24 Jul 2025 — A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/LagonGit/ReportCVE/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •