Filtered by vendor Phpgurukul
Subscriptions
Total
1098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1550 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-18 | 6.3 Medium |
| A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-2088 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2026-04-17 | 7.3 High |
| A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-2134 | 1 Phpgurukul | 1 Hospital Management System | 2026-04-17 | 4.7 Medium |
| A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-51414 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-17 | 8.8 High |
| In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. | ||||
| CVE-2026-3402 | 1 Phpgurukul | 2 Student Record Management System, Student Record System | 2026-04-17 | 2.4 Low |
| A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-6193 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2026-04-14 | 7.3 High |
| A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-67315 | 1 Phpgurukul | 1 Employee Leave Management System | 2026-04-07 | N/A |
| DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2026-5640 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-5636 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5641 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-5635 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5583 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5639 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5606 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2026-04-07 | 6.3 Medium |
| A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the attack remotely. | ||||
| CVE-2025-57151 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 8.8 High |
| phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter. | ||||
| CVE-2025-57150 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 7.2 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter. | ||||
| CVE-2025-57149 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 6.5 Medium |
| phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter. | ||||
| CVE-2025-57148 | 1 Phpgurukul | 1 Online Shopping Portal | 2026-04-06 | 9.1 Critical |
| phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. | ||||
| CVE-2025-57147 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 7.5 High |
| A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php. | ||||
| CVE-2025-57146 | 1 Phpgurukul | 1 Complaint Management System | 2026-04-06 | 8.1 High |
| phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter. | ||||