Phpgurukul: Security Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-16
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-16
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-15
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-15
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-15
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-14
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-14
PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-12
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-11
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'fullname', 'location' and 'message' parameters via POST at the endpoint '/ofrs/reporting.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-11