CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13001 – PHPGurukul Small CRM index.php sql injection
https://notcve.org/view.php?id=CVE-2024-13001
29 Dec 2024 — A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. • https://phpgurukul.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13000 – PHPGurukul Small CRM quote-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-13000
29 Dec 2024 — A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12999 – PHPGurukul Small CRM edit-user.php sql injection
https://notcve.org/view.php?id=CVE-2024-12999
29 Dec 2024 — A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://phpgurukul.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34650
https://notcve.org/view.php?id=CVE-2023-34650
28 Jun 2023 — PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •