Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5560

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-05 Apr, 2026 | 10:30
Updated At-07 Apr, 2026 | 02:49
Rejected At-
Credits

PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:05 Apr, 2026 | 10:30
Updated At:07 Apr, 2026 | 02:49
Rejected At:
â–¼CVE Numbering Authority (CNA)
PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Affected Products
Vendor
PHPGurukul LLPPHPGurukul
Product
Online Shopping Portal Project
CPEs
  • cpe:2.3:a:phpgurukul:online_shopping_portal_project:*:*:*:*:*:*:*:*
Modules
  • Parameter Handler
Versions
Affected
  • 2.1
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
CWECWE-74Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Type: CWE
CWE ID: CWE-74
Description: Injection
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Advisory disclosed2026-04-04 00:00:00
VulDB entry created2026-04-04 02:00:00
VulDB entry last update2026-04-04 16:01:15
Event: Advisory disclosed
Date: 2026-04-04 00:00:00
Event: VulDB entry created
Date: 2026-04-04 02:00:00
Event: VulDB entry last update
Date: 2026-04-04 16:01:15
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/355330
vdb-entry
technical-description
https://vuldb.com/vuln/355330/cti
signature
permissions-required
https://vuldb.com/submit/782932
third-party-advisory
https://github.com/f1rstb100d/CVE/issues/12
exploit
issue-tracking
https://phpgurukul.com/
product
Hyperlink: https://vuldb.com/vuln/355330
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/355330/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/submit/782932
Resource:
third-party-advisory
Hyperlink: https://github.com/f1rstb100d/CVE/issues/12
Resource:
exploit
issue-tracking
Hyperlink: https://phpgurukul.com/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:05 Apr, 2026 | 11:16
Updated At:24 Apr, 2026 | 18:14

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-74Primarycna@vuldb.com
CWE-89Primarycna@vuldb.com
CWE ID: CWE-74
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/f1rstb100d/CVE/issues/12cna@vuldb.com
N/A
https://phpgurukul.com/cna@vuldb.com
N/A
https://vuldb.com/submit/782932cna@vuldb.com
N/A
https://vuldb.com/vuln/355330cna@vuldb.com
N/A
https://vuldb.com/vuln/355330/cticna@vuldb.com
N/A
Hyperlink: https://github.com/f1rstb100d/CVE/issues/12
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://phpgurukul.com/
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/782932
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/355330
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/355330/cti
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4299Records found
CVE-2026-5606
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 00:00
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter order-details.php sql injection

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the attack remotely.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5558
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 10:00
Updated-24 Apr, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-PHPGurukul Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3215
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.65%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 06:31
Updated-16 May, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Restaurant Table Booking System add-subadmin.php sql injection

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-PHPGurukul LLP
Product-restaurant_table_booking_systemRestaurant Table Booking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5640
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.05%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 09:00
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5639
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 08:45
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5635
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 07:45
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3242
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.65%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 11:00
Updated-28 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul e-Diary Management System search-result.php sql injection

A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-e-diary_management_systeme-Diary Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5636
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 08:00
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5552
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 08:30
Updated-24 Apr, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter sub-category.php sql injection

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5583
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.27%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 16:30
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2628
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.81%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 21:31
Updated-02 Apr, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Art Gallery Management System art-enquiry.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /art-enquiry.php. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-art_gallery_management_systemArt Gallery Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2374
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.90%
||
7 Day CHG-0.03%
Published-17 Mar, 2025 | 11:00
Updated-08 May, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobilenumber/email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-human_metapneumovirus_testing_management_systemHuman Metapneumovirus Testing Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1855
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.92%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 07:00
Updated-03 Mar, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal product-details.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1583
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.89%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 12:00
Updated-28 Feb, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Nurse Hiring System search-report-details.php sql injection

A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_nurse_hiring_systemOnline Nurse Hiring System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2051
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.63%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 00:00
Updated-08 May, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System search-visitor.php sql injection

A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2053
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.82%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 00:31
Updated-08 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System visitor-detail.php sql injection

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1578
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 08:00
Updated-20 May, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul/Campcodes Online Shopping Portal search-result.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodesPHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portal
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2052
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.57%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 00:00
Updated-08 May, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Apartment Visitors Management System forgot-password.php sql injection

A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-apartment_visitors_management_systemApartment Visitors Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1581
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.89%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 10:31
Updated-28 Feb, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Nurse Hiring System book-nurse.php sql injection

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_nurse_hiring_systemOnline Nurse Hiring System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1580
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.89%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 10:00
Updated-07 May, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Nipah Virus Testing Management System search-report-result.php sql injection

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting parameter names to be affected.

Action-Not Available
Vendor-PHPGurukul LLP
Product-nipah_virus_testing_management_systemNipah Virus Testing Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10098
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG+0.01%
Published-08 Sep, 2025 | 17:02
Updated-15 Oct, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Management System edit-user-profile.php sql injection

A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-PHPGurukul LLP
Product-user_management_systemUser Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-5641
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.05%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 09:15
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Shopping Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5358
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.33%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 09:00
Updated-21 Feb, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System normal-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/normal-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-266270 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5360
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.33%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 10:31
Updated-21 Feb, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/foreigner-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266272.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5361
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.94%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 11:00
Updated-21 Feb, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266273 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management Systemzoo_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5359
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-26 May, 2024 | 10:00
Updated-21 Feb, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System foreigner-search.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266271.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management Systemzoo_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5066
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 20:00
Updated-03 Mar, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Course Registration System pincode-verification.php sql injection

A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Affected by this vulnerability is an unknown functionality of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264925 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_course_registration_systemOnline Course Registration Systemonline_course_registration_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-0733
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.71%
||
7 Day CHG~0.00%
Published-08 Jan, 2026 | 23:32
Updated-23 Feb, 2026 | 08:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Course Registration System manage-students.php sql injection

A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_course_registration_systemOnline Course Registration System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-0803
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 2.18%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 15:32
Updated-23 Feb, 2026 | 08:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Course Registration System enroll.php sql injection

A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_course_registration_systemOnline Course Registration System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-9756
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 02:02
Updated-08 Sep, 2025 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Management System change-emailid.php sql injection

A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-user_management_systemUser Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3768
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 19.93%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 03:31
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul/itsourcecode News Portal search.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.

Action-Not Available
Vendor-ITSourceCodePHPGurukul LLP
Product-News Portal
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3690
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-3.52% / 87.68%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 15:00
Updated-18 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Small CRM Change Password sql injection

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.

Action-Not Available
Vendor-PHPGurukul LLP
Product-small_crmSmall CRM
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8158
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.31%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 13:32
Updated-29 Jul, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Login and User Management System yesterday-reg-users.php sql injection

A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-user_registration_\&_login_and_user_management_systemLogin and User Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7927
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 14:32
Updated-29 Jul, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Banquet Booking System view-user-queries.php sql injection

A vulnerability has been found in PHPGurukul Online Banquet Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_banquet_booking_systemOnline Banquet Booking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8156
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.92%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 12:32
Updated-29 Jul, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastsevendays-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-user_registration_\&_login_and_user_management_systemUser Registration & Login and User Management
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8157
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.81%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 13:02
Updated-29 Jul, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Registration & Login and User Management lastthirtyays-reg-users.php sql injection

A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-user_registration_\&_login_and_user_management_systemUser Registration & Login and User Management
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3770
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 05:00
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Student Record System sql injection

A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Student Record Systemstudent_record_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3771
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 21.85%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 05:31
Updated-28 Feb, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Student Record System edit-subject.php sql injection

A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this issue is some unknown functionality of the file /edit-subject.php. The manipulation of the argument sub1/sub2/sub3/sub4/udate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260618 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-student_record_systemStudent Record Systemstudent_record_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8134
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.65%
||
7 Day CHG+0.01%
Published-25 Jul, 2025 | 06:02
Updated-29 Jul, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul BP Monitoring Management System bwdates-report-result.php sql injection

A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-bp_monitoring_management_systemBP Monitoring Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7543
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-13 Jul, 2025 | 21:14
Updated-15 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Registration & Login and User Management System manage-users.php sql injection

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3. It has been classified as critical. This affects an unknown part of the file /admin/manage-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-User Registration & Login and User Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7584
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 07:32
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Fire Reporting System add-team.php sql injection

A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /admin/add-team.php. The manipulation of the argument teammember leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Fire Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7491
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-12 Jul, 2025 | 21:02
Updated-26 Sep, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Vehicle Parking Management System manage-outgoingvehicle.php sql injection

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-outgoingvehicle.php. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-vehicle_parking_management_systemVehicle Parking Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7562
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 02:02
Updated-15 Jul, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Fire Reporting System new-requests.php sql injection

A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /admin/new-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_fire_reporting_systemOnline Fire Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7590
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 09:02
Updated-15 Jul, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Dairy Farm Shop Management System edit-category.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-dairy_farm_shop_management_systemDairy Farm Shop Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7520
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.94%
||
7 Day CHG~0.00%
Published-13 Jul, 2025 | 05:02
Updated-26 Sep, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Vehicle Parking Management System manage-category.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Parking Management System 1.13. This issue affects some unknown processing of the file /admin/manage-category.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-vehicle_parking_management_systemVehicle Parking Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7591
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 09:14
Updated-15 Jul, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Dairy Farm Shop Management System view-invoice.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file view-invoice.php. The manipulation of the argument invid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-dairy_farm_shop_management_systemDairy Farm Shop Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7158
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.17%
||
7 Day CHG+0.01%
Published-08 Jul, 2025 | 02:32
Updated-09 Jul, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Zoo Management System manage-normal-ticket.php sql injection

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-zoo_management_systemZoo Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7583
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 07:14
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Fire Reporting System all-requests.php sql injection

A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /admin/all-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Fire Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7589
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.85%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 08:44
Updated-15 Jul, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Dairy Farm Shop Management System edit-company.php sql injection

A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-dairy_farm_shop_management_systemDairy Farm Shop Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7599
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 11:14
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Dairy Farm Shop Management System invoice.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected by this issue is some unknown functionality of the file /invoice.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Dairy Farm Shop Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 85
  • 86
  • Next
Details not found