PHPGurukul: Security Vulnerabilities

SQL injection vulnerability, by which an attacker could send a specially crafted query through the CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the JOBID and USERNAME parameters in /jobportal/process.php.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-09-05

SQL injection vulnerability, by which an attacker could send a specially crafted query through the user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

SQL injection vulnerability, by which an attacker could send a specially crafted query through the CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

SQL injection vulnerability, by which an attacker could send a specially crafted query through the id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

SQL injection vulnerability, by which an attacker could send a specially crafted query through the search parameter in /jobportal/index.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to achieve remote code execution (RCE) via a webshell.
CVSS Score: 9.9 | EPSS Score: 0.002 | Published: 2024-09-05

SQL injection vulnerability, by which an attacker could send a specially crafted query through the JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05

A Stored Cross-Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact Us page "message" parameter.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2024-08-12

A Reflected Cross-Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-08-12

Shodan ® - All rights reserved