CVE-2023-33580 – Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33580
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on the Admin Profile page. Student Study Center Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/51528
• http://packetstormsecurity.com/files/173030/Student-Study-Center-Management-System-1.0-Cross-Site-Scripting.html
• https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33580_exploit.md
• https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-3275 – PHPGurukul Rail Pass Management System POST Request view-pass-detail.php SQL injection
https://notcve.org/view.php?id=CVE-2023-3275
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.
• https://vuldb.com/?ctiid.231625
• https://vuldb.com/?id.231625
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-34666
https://notcve.org/view.php?id=CVE-2023-34666
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
• https://www.exploit-db.com/exploits/49204
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33338
https://notcve.org/view.php?id=CVE-2023-33338
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
• https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ANUJ-KUMAR/Old-Age-Home-Management-2022-2023-1.0
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-31498
https://notcve.org/view.php?id=CVE-2023-31498
A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter.
• https://gist.github.com/captain-noob/aff11542477ddd0a92ad8b94ec75f832
• https://github.com/captain-noob
• https://twitter.com/captain__noob
• CWE-384: Session Fixation