CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4862 – PHPGurukul Directory Management System searchdata.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4862
18 May 2025 — A vulnerability, which was classified as problematic, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /searchdata.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Schatten-42/MyCVE/issues/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4698 – PHPGurukul Directory Management System forget-password.php sql injection
https://notcve.org/view.php?id=CVE-2025-4698
15 May 2025 — A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/lwecho/myCVE/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4697 – PHPGurukul Directory Management System edit-directory.php sql injection
https://notcve.org/view.php?id=CVE-2025-4697
15 May 2025 — A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. • https://github.com/lwecho/myCVE/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5137 – PHPGurukul Directory Management System Searchbar admin-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-5137
20 May 2024 — A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5136 – PHPGurukul Directory Management System search-directory.php. cross site scripting
https://notcve.org/view.php?id=CVE-2024-5136
20 May 2024 — A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5135 – PHPGurukul Directory Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2024-5135
20 May 2024 — A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31382
https://notcve.org/view.php?id=CVE-2022-31382
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro searchdata en el archivo search-dirctory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31383
https://notcve.org/view.php?id=CVE-2022-31383
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro editid en el archivo view-directory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31384
https://notcve.org/view.php?id=CVE-2022-31384
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro fullname en el archivo add-directory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 87%CPEs: 1EXPL: 3CVE-2022-29006
https://notcve.org/view.php?id=CVE-2022-29006
11 May 2022 — Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Múltiples vulnerabilidades de inyección SQL por medio de los parámetros username y password en Admin panel of Directory Management System versión v1.0, permiten a atacantes omitir la autenticación • https://github.com/sudoninja-noob/CVE-2022-29006 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •