Phpgurukul: >> User Registration & Login And User Management System Security Vulnerabilities
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-28
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-03-13
A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-03-13
A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-11-27
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-11-26
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary scripts via the searchkey parameter in a POST HTTP request.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-11-14
A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-14
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-10-15
A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-10-15
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-10-15
Page 1