ByteOS Network

user_management_system

Source -

ADPNVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-9302

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-0.02% / 4.28%

7 Day CHG~0.00%

Published-21 Aug, 2025 | 14:02

Updated-22 Aug, 2025 | 21:16

PHPGurukul User Management System signup.php sql injection

A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Vendor-PHPGurukul LLP

Product-user_management_system User Management System

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-50991

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-4.8||MEDIUM

EPSS-0.14% / 34.73%

7 Day CHG~0.00%

Published-11 Nov, 2024 | 00:00

Updated-04 Apr, 2025 | 20:00

A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter

Vendor-n/a PHPGurukul LLP

Product-user_management_system n/a user_management_system

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')