Phpgurukul: Security Vulnerabilities
PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-02
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-09-30
A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
2.1
EPSS Score
0.0
Published
2025-09-28
A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-27
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-22
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-09-22
A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVSS Score
2.1
EPSS Score
0.0
Published
2025-09-22
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-18
A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /my-profile.php. Performing manipulation of the argument cgpa results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-18
A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-17