CVE-2024-5137 – PHPGurukul Directory Management System Searchbar admin-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-5137
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md https://vuldb.com/?ctiid.265213 https://vuldb.com/?id.265213 https://vuldb.com/?submit.339123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5136 – PHPGurukul Directory Management System search-directory.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-5136
A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md https://vuldb.com/?ctiid.265212 https://vuldb.com/?id.265212 https://vuldb.com/?submit.339122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5135 – PHPGurukul Directory Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2024-5135
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to SQL injection. The attack may be initiated remotely. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md https://vuldb.com/?ctiid.265211 https://vuldb.com/?id.265211 https://vuldb.com/?submit.339121 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31382
https://notcve.org/view.php?id=CVE-2022-31382
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. • http://directory.com http://phpgurukul.com https://github.com/laotun-s/POC/blob/main/CVE-2022-31382.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-31383
https://notcve.org/view.php?id=CVE-2022-31383
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. • http://directory.com http://phpgurukul.com https://github.com/laotun-s/POC/blob/main/CVE-2022-31383.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')