0xBhushan

11 exploits, active since Dec 2024
CVE-2024-48703 WRITEUP MEDIUM
Anujk305 Medical Card Generation System - XSS
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
CVSS 4.8
CVE-2024-48704 WRITEUP MEDIUM
Phpgurukul Medical Card Generation System - XSS
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
CVSS 6.1
CVE-2024-51099 WRITEUP MEDIUM
Phpgurukul Medical Card Generation System - XSS
A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.
CVSS 6.1
CVE-2024-51102 WRITEUP MEDIUM
Phpgurukul Student Management System - SQL Injection
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.
CVSS 4.4
CVE-2024-51103 WRITEUP MEDIUM
Phpgurukul Student Management System - SQL Injection
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.
CVSS 6.5
CVE-2024-51106 WRITEUP MEDIUM
Anujk305 Medical Card Generation System - XSS
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
CVSS 4.6
CVE-2024-51107 WRITEUP MEDIUM
Anujk305 Medical Card Generation System - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.
CVSS 4.8
CVE-2024-51108 WRITEUP MEDIUM
Anujk305 Medical Card Generation System - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.
CVSS 5.4
CVE-2025-45321 WRITEUP HIGH
Lopalopa Online Service Management Portal - SQL Injection
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
CVSS 8.8
CVE-2025-45322 WRITEUP HIGH
Lopalopa Online Service Management Portal - SQL Injection
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
CVSS 8.8
CVE-2025-51567 WRITEUP CRITICAL
Jayesh Online Exam System - SQL Injection
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
CVSS 9.1