CVE-2021-27822
https://notcve.org/view.php?id=CVE-2021-27822
A persistent cross-site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. • https://www.exploit-db.com/exploits/49595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26764
https://notcve.org/view.php?id=CVE-2021-26764
SQL injection vulnerability in PHPGurukul Student Record System v4.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to edit-std.php. • https://github.com/BigTiger2020/Student-Record-System-/blob/main/README.md https://packetstormsecurity.com/files/161237/Student-Record-System-4.0-SQL-Injection.html https://phpgurukul.com https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-26762
https://notcve.org/view.php?id=CVE-2021-26762
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements via the cid parameter to edit-course.php. • https://phpgurukul.com https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip https://www.exploit-db.com/exploits/49513 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-26765
https://notcve.org/view.php?id=CVE-2021-26765
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements via the sid parameter to edit-sub.php. • https://github.com/BigTiger2020/Student-Record-System-/blob/main/README.md https://packetstormsecurity.com/files/161237/Student-Record-System-4.0-SQL-Injection.html https://phpgurukul.com https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35427
https://notcve.org/view.php?id=CVE-2020-35427
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. • https://phpgurukul.com https://www.exploit-db.com/exploits/49165 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')