Search Results (Refine Search)
- Keyword (text search): PHP
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-30982 |
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. Published: April 17, 2024; 2:15:16 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30983 |
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file. Published: April 17, 2024; 1:15:15 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30981 |
SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL. Published: April 17, 2024; 1:15:15 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-30980 |
SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page. Published: April 17, 2024; 1:15:15 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32256 |
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. Published: April 16, 2024; 1:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32254 |
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. When creating a new package, there is no checks for what types of files are uploaded from the image. Published: April 16, 2024; 1:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28557 |
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php. Published: April 15, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28556 |
SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php. Published: April 15, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-48710 |
iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0. Published: April 15, 2024; 2:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3771 |
A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this issue is some unknown functionality of the file /edit-subject.php. The manipulation of the argument sub1/sub2/sub3/sub4/udate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260618 is the identifier assigned to this vulnerability. Published: April 15, 2024; 2:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3770 |
A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability. Published: April 15, 2024; 1:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3769 |
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616. Published: April 15, 2024; 12:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3768 |
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615. Published: April 15, 2024; 12:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3767 |
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability. Published: April 15, 2024; 12:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3691 |
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480. Published: April 12, 2024; 12:15:40 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3690 |
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479. Published: April 12, 2024; 11:15:26 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3707 |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. Published: April 12, 2024; 10:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3706 |
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored. Published: April 12, 2024; 10:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3054 |
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Published: April 12, 2024; 6:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3020 |
The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Published: April 10, 2024; 1:15:50 AM -0400 |
V3.x:(not available) V2.0:(not available) |