Santoshcyber1 - Security Researcher - Exploit Intelligence Platform

CVE-2024-51076 WRITEUP MEDIUM WRITEUP

Phpgurukul Online DJ Booking Management System - XSS

A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.

CVSS 6.1

View Code

CVE-2024-51181 WRITEUP MEDIUM WRITEUP

Phpgurukul Ifsc Code Finder - XSS

A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter.

CVSS 6.1

View Code

CVE-2024-53603 WRITEUP HIGH WRITEUP

Phpgurukul Covid19 Testing Management System - SQL Injection

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.

CVSS 7.3

View Code

CVE-2024-53604 WRITEUP CRITICAL WRITEUP

Phpgurukul Covid19 Testing Management System - Code Injection

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.

CVSS 9.8

View Code

CVE-2024-53635 WRITEUP MEDIUM WRITEUP

Phpgurukul Covid19 Testing Management System - XSS

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.

CVSS 4.8

View Code

CVE-2024-54790 WRITEUP HIGH WRITEUP

Phpgurukul Pre-school Enrollment System - SQL Injection

A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.

CVSS 7.5

View Code

CVE-2024-54810 WRITEUP CRITICAL WRITEUP

Phpgurukul Pre-school Enrollment System - SQL Injection

A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.

CVSS 9.8

View Code

CVE-2024-55268 WRITEUP MEDIUM WRITEUP

Phpgurukul Covid 19 Testing Management System - XSS

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.

CVSS 6.1

View Code

CVE-2024-57686 WRITEUP CRITICAL WRITEUP

Phpgurukul Land Record System - XSS

A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.

CVSS 9.8

View Code

CVE-2024-57687 WRITEUP CRITICAL WRITEUP

Phpgurukul Land Record System - OS Command Injection

An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter.

CVSS 9.8

View Code

CVE-2025-25352 WRITEUP HIGH WRITEUP