0xBhushan

11 exploits, active since Dec 2024
CVE-2024-48703 MEDIUM WRITEUP
PhpGurukul Medical Card Generation System 1.0 - Reflected Cross-Site Scripting via Search Parameter
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
CVSS 4.8
CVE-2024-48704 MEDIUM WRITEUP
Phpgurukul Medical Card Generation System 1.0 - Cross-Site Scripting via pagedes Parameter
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
CVSS 6.1
CVE-2024-51099 MEDIUM WRITEUP
PHPGURUKUL Medical Card Generation System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.
CVSS 6.1
CVE-2024-51102 MEDIUM WRITEUP
PHPGURUKUL Student Management System v1 - SQL Injection via Login Username and Password Parameters
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.
CVSS 4.4
CVE-2024-51103 MEDIUM WRITEUP
PHPGURUKUL Student Management System v1 - SQL Injection via Password Recovery Email ID and ID Parameters
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.
CVSS 6.5
CVE-2024-51106 MEDIUM WRITEUP
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via About Us Page Title Parameter
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
CVSS 4.6
CVE-2024-51107 MEDIUM WRITEUP
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via Contact Us Parameters
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.
CVSS 4.8
CVE-2024-51108 MEDIUM WRITEUP
PHPGURUKUL Medical Card Generation System 1.0 - Stored Cross-Site Scripting via fromdate and todate Parameters
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.
CVSS 5.4
CVE-2025-45321 HIGH WRITEUP
kashipara Online Service Management Portal V1.0 - SQL Injection via rPassword Parameter
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
CVSS 8.8
CVE-2025-45322 HIGH WRITEUP
kashipara Online Service Management Portal V1.0 - SQL Injection via CheckStatus checkid Parameter
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
CVSS 8.8
CVE-2025-51567 CRITICAL WRITEUP
kashipara Online Exam System V1.0 - SQL Injection via Profile Update Parameters
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
CVSS 9.1