Phpgurukul: >> Hostel Management System Security Vulnerabilities
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-12-01
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-08
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-01-08
Page 2