Phpgurukul: Security Vulnerabilities
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-02
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accept unvalidated user input, which is then concatenated directly into a backend SQL query.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-02
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-25
A flaw has been found in PHPGurukul Hostel Management System 2.1. It affects an unknown function in the file /register-complaint.php. Manipulating the cdetails argument can lead to cross-site scripting. The attack can be launched remotely. The exploit has been published and may be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-11-24
A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-18
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17