Security Vulnerabilities
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-11-14
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1, marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-14
PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-11-14
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. Manipulation of the argument search_term causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used. Upgrading to version 0.2.1 mitigates this issue. Patch name: 063384e0dddfd191847cd2d6524c342cc380b058. It is suggested to upgrade the affected component. The vendor replied and reacted very professionally.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-11-14