Phpgurukul: >> Client Management System >> 1.1 Security Vulnerabilities
Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-04-17
SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-04-17
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-04-17
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-17
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-17
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-04-17