Santoshcyber1

15 exploits, active since Oct 2024
CVE-2024-51076 WRITEUP MEDIUM
PHPGurukul Online DJ Booking Management System 1.0 - Reflected Cross-Site Scripting via Booking Search Parameter
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.
CVSS 6.1
CVE-2024-51181 WRITEUP MEDIUM
PHPGurukul IFSC Code Finder Project 1.0 - Reflected Cross-Site Scripting via searchifsccode Parameter
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "searchifsccode" parameter.
CVSS 6.1
CVE-2024-53603 WRITEUP HIGH
PHPGurukul COVID 19 Testing Management System 1.0 - SQL Injection via Contact Number Parameter
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVSS 7.3
CVE-2024-53604 WRITEUP CRITICAL
PHPGurukul COVID 19 Testing Management System 1.0 - SQL Injection via mobnumber Parameter
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
CVSS 9.8
CVE-2024-53635 WRITEUP MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVSS 4.8
CVE-2024-54790 WRITEUP HIGH
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via visittime Parameter
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.
CVSS 7.5
CVE-2024-54810 WRITEUP CRITICAL
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobileno Parameter
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.
CVSS 9.8
CVE-2024-55268 WRITEUP MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via regmobilenumber Parameter
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0, which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
CVSS 6.1
CVE-2024-57686 WRITEUP CRITICAL
PHPGurukul Land Record System 1.0 - Cross-Site Scripting via pagetitle Parameter
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
CVSS 9.8
CVE-2024-57687 WRITEUP CRITICAL
PHPGurukul Land Record System 1.0 - OS Command Injection via Cookie GET Parameter
An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter.
CVSS 9.8
CVE-2025-25352 WRITEUP HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via /admin/aboutus.php pagetitle Parameter
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
CVSS 7.2
CVE-2025-25354 WRITEUP HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Contact Number Parameter
A SQL Injection vulnerability was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter.
CVSS 7.2
CVE-2025-25355 WRITEUP HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via fromdate Parameter
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter.
CVSS 7.2
CVE-2025-25356 WRITEUP HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via todate Parameter
A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "todate" POST request parameter.
CVSS 7.2
CVE-2025-25387 WRITEUP HIGH
PHPGurukul Land Record System 1.0 - SQL Injection via Property Type POST Parameter
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVSS 7.2