efekaanakkar/Cyber-Cafe-Management-System-CVEs

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70892 ↗	Jan 15, 2026Thursday, 15 January 2026, 21:16	9.8 CRITICAL	—
Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.
CVE-2025-70893 ↗	Jan 15, 2026Thursday, 15 January 2026, 21:16	8.8 HIGH	—
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions.
CVE-2025-70890 ↗	Jan 15, 2026Thursday, 15 January 2026, 21:16	6.1 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affected page is accessed.
CVE-2025-70891 ↗	Jan 15, 2026Thursday, 15 January 2026, 21:16	6.1 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persistently stored in the database. The malicious payload is triggered when a privileged user clicks the View button on the view-allusers.php page.