
CVE-2025-3231 – PHPGurukul Zoo Management System aboutus.php sql injection
https://notcve.org/view.php?id=CVE-2025-3231
04 Apr 2025 — A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. • https://github.com/81a2in9/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-2656 – PHPGurukul Zoo Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2025-2656
23 Mar 2025 — A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ydnd/cve/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5361 – PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-5361
26 May 2024 — A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. • https://vuldb.com/?ctiid.266273 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5360 – PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection
https://notcve.org/view.php?id=CVE-2024-5360
26 May 2024 — A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.266272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5359 – PHPGurukul Zoo Management System foreigner-search.php sql injection
https://notcve.org/view.php?id=CVE-2024-5359
26 May 2024 — A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.266271 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5358 – PHPGurukul Zoo Management System normal-search.php sql injection
https://notcve.org/view.php?id=CVE-2024-5358
26 May 2024 — A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.266270 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-5357 – PHPGurukul Zoo Management System forgot-password.php sql injection
https://notcve.org/view.php?id=CVE-2024-5357
26 May 2024 — A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.266269 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-25350
https://notcve.org/view.php?id=CVE-2024-25350
28 Feb 2024 — SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-25351
https://notcve.org/view.php?id=CVE-2024-25351
28 Feb 2024 — SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter. • https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Change_Image.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-41614
https://notcve.org/view.php?id=CVE-2023-41614
21 Sep 2023 — A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. • https://medium.com/%40guravtushar231/stored-xss-in-admin-panel-a38d1feb9ec4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •