leexsoyoung/CVEs

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-44659 ↗	Nov 17, 2025Monday, 17 November 2025, 20:15	9.8 CRITICAL	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
CVE-2024-44664 ↗	Nov 17, 2025Monday, 17 November 2025, 20:15	6.5 MEDIUM	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
CVE-2024-44661 ↗	Nov 17, 2025Monday, 17 November 2025, 20:15	5.4 MEDIUM	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
CVE-2024-46335 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	4.6 MEDIUM	—
PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
CVE-2024-44663 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.5 MEDIUM	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
CVE-2024-44662 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.5 MEDIUM	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
CVE-2024-44660 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.5 MEDIUM	—
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
CVE-2024-44654 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.5 MEDIUM	—
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.
CVE-2024-44655 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.1 MEDIUM	—
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
CVE-2024-44658 ↗	Nov 17, 2025Monday, 17 November 2025, 19:16	6.5 MEDIUM	—
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.
CVE-2024-44651 ↗	Nov 17, 2025Monday, 17 November 2025, 18:15	6.5 MEDIUM	—
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php.
CVE-2024-44653 ↗	Nov 17, 2025Monday, 17 November 2025, 18:15	6.5 MEDIUM	—
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.
CVE-2024-44657 ↗	Nov 17, 2025Monday, 17 November 2025, 18:15	6.5 MEDIUM	—
PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php.
CVE-2024-46334 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.1 MEDIUM	—
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.
CVE-2024-44647 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.1 MEDIUM	—
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.
CVE-2024-44648 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.5 MEDIUM	—
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.
CVE-2024-44652 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.5 MEDIUM	—
Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.
CVE-2024-46336 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.1 MEDIUM	—
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
CVE-2024-44641 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.5 MEDIUM	—
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.
CVE-2024-44644 ↗	Nov 17, 2025Monday, 17 November 2025, 17:15	6.5 MEDIUM	—
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.
CVE-2024-44640 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php.
CVE-2024-44639 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php.
CVE-2024-55016 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php.
CVE-2024-44635 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.1 MEDIUM	—
PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.
CVE-2024-44633 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.
CVE-2024-44632 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.
CVE-2024-44630 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.5 MEDIUM	—
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country, state, city, padd, cadd, and gender.
CVE-2024-42749 ↗	Nov 14, 2025Friday, 14 November 2025, 16:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script.