rtnthakur/CVE

Releases0

My GitHub CVE repository showcases documented security vulnerabilities, including analysis, exploit demonstrations, and mitigation strategies. It reflects your expertise in ethical hacking, penetration testing, and responsible disclosure, serving as a valuable resource for cybersecurity professionals and the security research community.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-28016 ↗	Sep 30, 2025Tuesday, 30 September 2025, 15:15	4.8 MEDIUM	—
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVE-2025-51671 ↗	Jun 26, 2025Thursday, 26 June 2025, 16:15	5.4 MEDIUM	—
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.
CVE-2025-51672 ↗	Jun 26, 2025Thursday, 26 June 2025, 15:15	8 HIGH	—
A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.
CVE-2025-45017 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	9.8 CRITICAL	—
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVE-2025-45011 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	5.3 MEDIUM	—
A HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVE-2025-45015 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	6.1 MEDIUM	—
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters.
CVE-2025-45010 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	5.3 MEDIUM	—
A HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
CVE-2025-45018 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	9.8 CRITICAL	—
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
CVE-2025-45019 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	5.4 MEDIUM	—
A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
CVE-2025-45021 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	5.3 MEDIUM	—
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.
CVE-2025-45009 ↗	Apr 30, 2025Wednesday, 30 April 2025, 14:15	5.3 MEDIUM	—
A HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter.
CVE-2025-45020 ↗	Apr 30, 2025Wednesday, 30 April 2025, 13:15	7.2 HIGH	—
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
CVE-2025-45007 ↗	Apr 30, 2025Wednesday, 30 April 2025, 13:15	4.8 MEDIUM	—
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter.