cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-3187,https://securityvulnerability.io/vulnerability/CVE-2023-3187,PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload,"A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.",PHPGurukul,Teachers Record Management System,5.4,MEDIUM,0.0030900000128895044,false,,false,false,false,,,false,false,,2023-06-09T21:15:00.000Z,0
CVE-2021-28424,https://securityvulnerability.io/vulnerability/CVE-2021-28424,Stored Cross-Site Scripting Vulnerability in Teachers Record Management System by PHP Gurukul,"The Teachers Record Management System version 1.0 contains a stored cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web scripts or HTML into the application. This can occur through the 'email' POST parameter in the adminprofile.php file, enabling attackers to execute malicious scripts in the context of other users and potentially compromising sensitive information.",PHPgurukul,Teachers Record Management System,5.4,MEDIUM,0.0038300000596791506,false,,false,false,false,,,false,false,,2021-07-01T14:48:28.000Z,0
CVE-2021-28423,https://securityvulnerability.io/vulnerability/CVE-2021-28423,SQL Injection Vulnerabilities in Teachers Record Management System by PHP Gurukul,"The Teachers Record Management System version 1.0 contains multiple SQL Injection vulnerabilities that permit remote authenticated users to execute arbitrary SQL commands. These vulnerabilities can be exploited through the 'editid' GET parameter in edit-subjects-detail.php, as well as 'edit-teacher-detail.php', and by utilizing the 'searchdata' POST parameter in search.php. Exploiting these vulnerabilities could lead to unauthorized database access, data manipulation, and potential compromise of the application.",PHPgurukul,Teachers Record Management System,8.8,HIGH,0.3732999861240387,false,,false,false,false,,,false,false,,2021-07-01T14:38:45.000Z,0
CVE-2021-26822,https://securityvulnerability.io/vulnerability/CVE-2021-26822,SQL Injection Vulnerability in Teachers Record Management System by PHP Gurukul,"The Teachers Record Management System 1.0 contains a SQL injection vulnerability in the 'searchteacher' POST parameter of search-teacher.php. This security flaw allows remote unauthenticated attackers to manipulate database queries, potentially leading to unauthorized access to sensitive information and the execution of arbitrary code. Organizations utilizing this software must implement necessary security measures to mitigate the risk of exploitation.",PHPgurukul,Teachers Record Management System,9.8,CRITICAL,0.10412000119686127,false,,false,false,false,,,false,false,,2021-02-15T20:54:51.000Z,0