
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2024 — Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter. • http://phpgurukul.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2024 — Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php. • http://phpgurukul.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Oct 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed-teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via the "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

01 Jul 2021 — A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. • https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 3

01 Jul 2021 — Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. • https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 9% • CPEs: 1 • EXPL: 2

15 Feb 2021 — Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in the 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. • https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')