cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-13004,https://securityvulnerability.io/vulnerability/CVE-2024-13004,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"A vulnerability has been identified in PHPGurukul's Complaint Management System version 1.0, specifically within the admin functionality located in the file /admin/category.php. The issue arises from improper handling of the 'state' argument, enabling an SQL injection attack that can be executed remotely. This flaw exposes the database to unauthorized queries, which could lead to unauthorized data access or manipulation. Public disclosure of this vulnerability highlights the urgency for users to implement appropriate security measures to safeguard their systems.",PHPgurukul,Complaint Management System,6.9,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-29T06:31:05.000Z,true,false,false,,2024-12-29T06:31:05.405Z,0
CVE-2024-12977,https://securityvulnerability.io/vulnerability/CVE-2024-12977,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"The PHPGurukul Complaint Management System version 1.0 contains a vulnerability in the file located at /admin/state.php, which is susceptible to SQL injection attacks. Attackers can manipulate the state parameter, enabling unauthorized access to the database. This vulnerability can be exploited remotely, allowing potential attackers to execute malicious SQL queries that may compromise sensitive data. With the exploit being publicly disclosed, it highlights the urgent need for users to apply necessary patches and implement security best practices to mitigate risks.",PHPgurukul,Complaint Management System,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-27T01:31:06.000Z,true,false,false,,2024-12-27T01:31:06.730Z,0
CVE-2024-12230,https://securityvulnerability.io/vulnerability/CVE-2024-12230,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"CVE-2024-12230 identifies a critical SQL injection vulnerability within the PHPGurukul Complaint Management System 1.0. The flaw exists specifically within the '/admin/subcategory.php' file, where improper handling of the 'category' parameter allows remote attackers to execute arbitrary SQL code. This can lead to unauthorized access to the database, manipulation of sensitive data, or complete system compromise. It is crucial for users of this system to implement patches and follow best security practices to mitigate the risk associated with this vulnerability.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-12-05T14:31:09.000Z,true,false,false,,2024-12-05T14:31:09.399Z,0
CVE-2024-12229,https://securityvulnerability.io/vulnerability/CVE-2024-12229,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"A critical SQL injection vulnerability has been identified in version 1.0 of the PHPGurukul Complaint Management System. Located within the /admin/complaint-search.php file, this vulnerability allows attackers to manipulate the 'search' argument, potentially leading to unauthorized access and data manipulation. The exploit can be executed remotely, posing significant risks to data integrity and security. It is imperative for organizations using this software to assess their exposure to this vulnerability and apply necessary mitigations promptly.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-12-05T14:31:06.000Z,true,false,false,,2024-12-05T14:31:06.449Z,0
CVE-2024-12228,https://securityvulnerability.io/vulnerability/CVE-2024-12228,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"CVE-2024-12228 is a critical SQL injection vulnerability found in the PHPGurukul Complaint Management System version 1.0. This vulnerability allows attackers to manipulate input parameters, specifically in the /admin/user-search.php file. It enables remote execution of SQL queries, potentially compromising sensitive data and allowing unauthorized access. Due to its public disclosure, immediate action is advised to secure affected installations from potential exploitation.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-12-05T13:31:09.000Z,true,false,false,,2024-12-05T13:31:09.200Z,0
CVE-2024-11967,https://securityvulnerability.io/vulnerability/CVE-2024-11967,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"The CVE-2024-11967 vulnerability involves a critical SQL injection found in the reset-password.php file of the PHPGurukul Complaint Management System version 1.0. An attacker can exploit this vulnerability by manipulating the 'email' parameter, which allows unauthorized SQL queries to be executed remotely. This can lead to unauthorized access to sensitive data and overall system compromise. As this exploit has been publicly disclosed, it is imperative for users to apply patches or mitigate the risks associated with this vulnerability promptly.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-28T18:00:14.000Z,true,false,false,,2024-11-28T18:00:14.034Z,0
CVE-2024-11966,https://securityvulnerability.io/vulnerability/CVE-2024-11966,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"CVE-2024-11966 is a critical SQL injection vulnerability identified in the PHPGurukul Complaint Management System version 1.0. This vulnerability arises in the processing of inputs in the file /admin/index.php, specifically through the manipulation of the 'username' parameter. Attackers can exploit this vulnerability remotely, enabling them to execute arbitrary SQL queries against the application's database. This could lead to unauthorized data access, modification, or even complete system compromise. Given the public disclosure of this vulnerability, it is essential for users and organizations relying on this software to immediately evaluate their exposure and take necessary security measures.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-11-28T17:31:06.000Z,true,false,false,,2024-11-28T17:31:06.291Z,0
CVE-2024-11965,https://securityvulnerability.io/vulnerability/CVE-2024-11965,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"A critical SQL injection vulnerability has been identified in the PHPGurukul Complaint Management System 1.0, specifically within the '/user/reset-password.php' file. The vulnerability arises from the improper handling of the 'email' parameter, allowing attackers to manipulate SQL queries executed by the application. This manipulation could potentially enable unauthorized access to sensitive information or control over the database. The exploit is publicly disclosed and can be executed remotely, posing a significant threat to users of the affected system.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-11-28T17:00:15.000Z,true,false,false,,2024-11-28T17:00:15.264Z,0
CVE-2024-11964,https://securityvulnerability.io/vulnerability/CVE-2024-11964,SQL Injection Vulnerability in PHPGurukul Complaint Management System,"CVE-2024-11964 is a critical SQL injection vulnerability found in the PHPGurukul Complaint Management System version 1.0. This vulnerability resides in the /user/index.php file and arises from improper validation of the 'emailid' parameter. Attackers can exploit this flaw to execute arbitrary SQL queries against the database, potentially compromising sensitive information. The vulnerability is remotely exploitable, allowing an attacker to manipulate the input without needing direct access to the underlying system. Given the public disclosure of this exploit, it poses a significant risk to users of the software, making immediate mitigation essential.",PHPgurukul,Complaint Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,true,2024-11-28T17:00:11.000Z,true,false,false,,2024-11-28T17:00:11.627Z,0
CVE-2024-39090,https://securityvulnerability.io/vulnerability/CVE-2024-39090,Attackers Can Execute Arbitrary JavaScript Code via CSRF and XSS in PHPGurukul Online Shopping Portal Project,"The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.",PHPGurukul,,,,0.0004299999854993075,false,,false,false,true,2024-11-27T23:55:58.000Z,true,false,false,,2024-07-18T20:15:00.000Z,0
CVE-2024-9326,https://securityvulnerability.io/vulnerability/CVE-2024-9326,SQL Injection Vulnerability in PHPGurukul Online Shopping Portal Admin Panel,"A significant vulnerability has been discovered in the PHPGurukul Online Shopping Portal 2.0, impacting the Admin Panel specifically in the file located at /shopping/admin/index.php. The issue arises from improper handling of user-supplied input in the username field, which makes it susceptible to SQL injection attacks. Threat actors can exploit this weakness remotely, allowing them to manipulate the database queries and potentially gain unauthorized access to sensitive information. Given that this vulnerability has already been publicly disclosed, it poses a serious risk to users and administrators who are urged to secure their systems against potential exploitation.",PHPgurukul,Online Shopping Portal,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-27T23:49:54.000Z,true,false,false,,2024-09-29T08:00:09.100Z,0
CVE-2024-11818,https://securityvulnerability.io/vulnerability/CVE-2024-11818,Remote SQL Injection Vulnerability in PHPGurukul User Registration System,"A critical SQL injection vulnerability has been identified in PHPGurukul User Registration & Login and User Management System version 1.0. This security flaw resides within the /signup.php file, where improper handling of the 'email' parameter allows attackers to execute arbitrary SQL commands remotely. Given the exploit has been disclosed publicly, it poses an imminent risk to the integrity of user data and could facilitate unauthorized access and data exfiltration. Users and administrators of the affected version are strongly advised to apply security patches and safeguard their systems against potential exploitation.",PHPgurukul,User Registration & Login And User Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-27T00:15:00.000Z,true,false,false,,2024-11-27T00:15:00.000Z,0
CVE-2024-11817,https://securityvulnerability.io/vulnerability/CVE-2024-11817,SQL Injection Vulnerability in PHPGurukul User Registration & Login System,"The CVE-2024-11817 vulnerability affects the PHPGurukul User Registration & Login and User Management System version 1.0. It arises from an SQL injection flaw found in the /admin/index.php file, where improper validation of the username argument allows remote attackers to inject malicious SQL statements. This vulnerability is classified as critical due to its potential for exploitation, which could lead to unauthorized access to sensitive user information and compromise of the database. Security measures should be taken promptly to mitigate risks associated with this vulnerability.",PHPgurukul,User Registration & Login And User Management System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-26T23:15:00.000Z,true,false,false,,2024-11-26T23:15:00.000Z,0
CVE-2024-10807,https://securityvulnerability.io/vulnerability/CVE-2024-10807,Cross Site Scripting Vulnerability in Hospital Management System,"A vulnerability has been identified in the PHPGurukul Hospital Management System version 4.0 that compromises the security of users through cross-site scripting. This issue arises from improper handling of the 'searchdata' parameter in the hms/doctor/search.php file, enabling attackers to inject malicious scripts. The attack can be executed remotely, posing significant risks to user data and application integrity. As this exploit is publicly disclosed, immediate actions and mitigations are recommended to safeguard the system and its users.",PHPgurukul,Hospital Management System,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-05T01:00:08.000Z,true,false,false,,2024-11-05T01:00:08.591Z,0
CVE-2024-10806,https://securityvulnerability.io/vulnerability/CVE-2024-10806,Cross Site Scripting Vulnerability in PHPGurukul Hospital Management System 4.0,A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as problematic. This vulnerability affects unknown code of the file betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Hospital Management System,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-05T00:31:05.000Z,true,false,false,,2024-11-05T00:31:05.507Z,0
CVE-2024-10768,https://securityvulnerability.io/vulnerability/CVE-2024-10768,Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal 2.0,A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,5.4,MEDIUM,0.0007600000244565308,false,,false,false,true,2024-11-04T18:31:06.000Z,true,false,false,,2024-11-04T18:31:06.063Z,0
CVE-2024-10757,https://securityvulnerability.io/vulnerability/CVE-2024-10757,Cross-Site Scripting (XSS) Vulnerability in /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php,"A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T03:00:12.000Z,true,false,false,,2024-11-04T03:00:12.075Z,0
CVE-2024-10756,https://securityvulnerability.io/vulnerability/CVE-2024-10756,Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Online Shopping Portal 2.0,A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T03:00:09.000Z,true,false,false,,2024-11-04T03:00:09.262Z,0
CVE-2024-10755,https://securityvulnerability.io/vulnerability/CVE-2024-10755,Cross Site Scripting Vulnerability Discovered in PHPGurukul Online Shopping Portal 2.0,A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T02:31:08.000Z,true,false,false,,2024-11-04T02:31:08.131Z,0
CVE-2024-10754,https://securityvulnerability.io/vulnerability/CVE-2024-10754,Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal 2.0,A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T02:31:05.000Z,true,false,false,,2024-11-04T02:31:05.519Z,0
CVE-2024-10753,https://securityvulnerability.io/vulnerability/CVE-2024-10753,Remote Cross-Site Scripting Vulnerability in PHPGurukul Online Shopping Portal 2.0,A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-04T02:00:08.000Z,true,false,false,,2024-11-04T02:00:08.516Z,0
CVE-2024-10747,https://securityvulnerability.io/vulnerability/CVE-2024-10747,Cross Site Scripting Vulnerability Found in PHPGurukul Online Shopping Portal 2.0,"A vulnerability identified within the PHPGurukul Online Shopping Portal version 2.0 involves improper handling of arguments in the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. This weakness enables attackers to execute cross site scripting (XSS) attacks, allowing the manipulation of user inputs via remote exploitation. The potential for unauthorized access and data manipulation poses a significant security risk, as the exploit has been disclosed and may be leveraged by malicious actors. Safeguarding against this vulnerability requires immediate attention to secure coding practices and implementing updates to the affected product.",PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T00:15:00.000Z,true,false,false,,2024-11-04T00:15:00.000Z,0
CVE-2024-10746,https://securityvulnerability.io/vulnerability/CVE-2024-10746,Cross Site Scripting Vulnerability Discovered in PHPGurukul Online Shopping Portal 2.0,A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-04T00:15:00.000Z,true,false,false,,2024-11-04T00:15:00.000Z,0
CVE-2024-10745,https://securityvulnerability.io/vulnerability/CVE-2024-10745,Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal 2.0,A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-03T23:15:00.000Z,true,false,false,,2024-11-03T23:15:00.000Z,0
CVE-2024-10744,https://securityvulnerability.io/vulnerability/CVE-2024-10744,Cross Site Scripting Vulnerability in PHPGurukul Online Shopping Portal,A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.,PHPgurukul,Online Shopping Portal,6.1,MEDIUM,0.0010100000072270632,false,,false,false,true,2024-11-03T22:31:05.000Z,true,false,false,,2024-11-03T22:31:05.571Z,0