Mohammed Athif

6 exploits | Active since Nov 2024
CVE-2024-53364 (WRITEUP, MEDIUM)
Phpgurukul Vehicle Parking Management System - SQL Injection
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.
CVSS 5.4
CVE-2024-53365 (WRITEUP, MEDIUM)
Phpgurukul Vehicle Parking Management System - XSS
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious scripts into the profile name field.
CVSS 5.4
CVE-2024-55056 (WRITEUP, MEDIUM)
Phpgurukul Online Birth Certificate System - XSS
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.
CVSS 5.4
CVE-2024-55057 (WRITEUP, MEDIUM)
Phpgurukul Online Birth Certificate System 1.0 - Info Disclosure
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements, which can lead to unauthorized access to user accounts.
CVSS 5.4
CVE-2024-55058 (WRITEUP, MEDIUM)
PHPGurukul Online Birth Certificate System v1.0 - IDOR
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.
CVSS 4.3
CVE-2024-55059 (WRITEUP, MEDIUM)
Phpgurukul Online Birth Certificate System - XSS
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.
CVSS 6.1