Santoshcyber1/CVE-wirteup

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-54790 ↗	Dec 19, 2024Thursday, 19 December 2024, 15:15	7.5 HIGH	—
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.
CVE-2024-54811 ↗	Dec 12, 2024Thursday, 12 December 2024, 19:15	9.8 CRITICAL	—
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
CVE-2024-54810 ↗	Dec 12, 2024Thursday, 12 December 2024, 18:15	9.8 CRITICAL	—
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
CVE-2024-55268 ↗	Dec 6, 2024Friday, 6 December 2024, 17:15	6.1 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
CVE-2024-53604 ↗	Nov 27, 2024Wednesday, 27 November 2024, 14:15	9.8 CRITICAL	—
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
CVE-2024-53635 ↗	Nov 27, 2024Wednesday, 27 November 2024, 14:15	4.8 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVE-2024-53603 ↗	Nov 27, 2024Wednesday, 27 November 2024, 14:15	7.3 HIGH	—
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVE-2024-51075 ↗	Oct 29, 2024Tuesday, 29 October 2024, 14:15	6.1 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.
CVE-2024-51076 ↗	Oct 29, 2024Tuesday, 29 October 2024, 14:15	6.1 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
CVE-2024-51180 ↗	Oct 29, 2024Tuesday, 29 October 2024, 13:15	6.1 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
CVE-2024-51181 ↗	Oct 29, 2024Tuesday, 29 October 2024, 13:15	6.1 MEDIUM	—
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.