
CVE-2024-5137 – PHPGurukul Directory Management System Searchbar admin-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-5137
20 May 2024 — A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-5136 – PHPGurukul Directory Management System search-directory.php. cross site scripting
https://notcve.org/view.php?id=CVE-2024-5136
20 May 2024 — A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php.. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%201.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-5135 – PHPGurukul Directory Management System index.php sql injection
https://notcve.org/view.php?id=CVE-2024-5135
20 May 2024 — A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. • https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20SQL%20Injection%20-%201.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-31382
https://notcve.org/view.php?id=CVE-2022-31382
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro searchdata en el archivo search-dirctory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-31383
https://notcve.org/view.php?id=CVE-2022-31383
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro editid en el archivo view-directory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-31384
https://notcve.org/view.php?id=CVE-2022-31384
16 Jun 2022 — Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. Se ha detectado que Directory Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro fullname en el archivo add-directory.php • http://directory.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2022-29006
https://notcve.org/view.php?id=CVE-2022-29006
11 May 2022 — Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Múltiples vulnerabilidades de inyección SQL por medio de los parámetros username y password en Admin panel of Directory Management System versión v1.0, permiten a atacantes omitir la autenticación • https://github.com/sudoninja-noob/CVE-2022-29006 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •