Nguyễn Phước Thịnh - Security Researcher - Exploit Intelligence Platform

CVE-2025-57146 WRITEUP HIGH WRITEUP

phpgurukul Complaint Management System 2.0 - SQL Injection via mobileno Parameter

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.

CVSS 8.1

View Code

CVE-2025-57147 WRITEUP HIGH WRITEUP

phpgurukul Complaint Management System 2.0 - SQL Injection via User Registration Parameters

A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and contactno in user/registration.php.

CVSS 7.5

View Code

CVE-2025-57148 WRITEUP CRITICAL WRITEUP

phpgurukul Online Shopping Portal 2.0 - Arbitrary File Upload via Insert Product Endpoint

phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.

CVSS 9.1

View Code

CVE-2025-57149 WRITEUP MEDIUM WRITEUP

phpgurukul Complaint Management System 2.0 - SQL Injection via cid Parameter

phpgurukul Complaint Management System 2.0 is vulnerable to SQL Injection in /complaint-details.php via the cid parameter.

CVSS 6.5

View Code

CVE-2025-57150 WRITEUP HIGH WRITEUP

phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via categoryName Parameter

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/subcategory.php via the categoryName parameter.

CVSS 7.2

View Code

CVE-2025-57151 WRITEUP HIGH WRITEUP

phpgurukul Complaint Management System 2.0 - Stored Cross-Site Scripting via Fullname Parameter

phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in admin/userprofile.php via the fullname parameter.

CVSS 8.8

View Code