CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2628 – PHPGurukul Art Gallery Management System art-enquiry.php sql injection
https://notcve.org/view.php?id=CVE-2025-2628
22 Mar 2025 — A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /art-enquiry.php. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ydnd/cve/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51978
https://notcve.org/view.php?id=CVE-2023-51978
12 Jan 2024 — In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. En PHPGurukul Art Gallery Management System v1.1, la funcionalidad "Update Artist Image" del parámetro "imageid" es vulnerable a la inyección SQL. • https://github.com/hackerhijeck/Exploited/blob/main/Art_Gallary/SQL_Injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •