dhabaleshwardas

23 exploits Active since Nov 2023
CVE-2023-6297 WRITEUP MEDIUM WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - XSS
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246123.
CVSS 4.3
CVE-2023-6402 WRITEUP MEDIUM WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.
CVSS 6.3
CVE-2023-6442 WRITEUP LOW WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - XSS
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add-phlebotomist.php. The manipulation of the argument empid/fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246445 was assigned to this vulnerability.
CVSS 3.5
CVE-2023-6465 WRITEUP MEDIUM WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - XSS
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246615.
CVSS 4.3
CVE-2023-6474 WRITEUP MEDIUM WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - CSRF
A vulnerability has been found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file manage-phlebotomist.php. The manipulation of the argument pid leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246640.
CVSS 4.3
CVE-2023-6648 WRITEUP HIGH WRITEUP
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2023-6649 WRITEUP MEDIUM WRITEUP
PHPGurukul Teacher Subject Allocation Management System 1.0 - XSS
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-6653 WRITEUP MEDIUM WRITEUP
PHPGurukul Teacher Subject Allocation Management System 1.0 - CSRF
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-6766 WRITEUP MEDIUM WRITEUP
PHPGurukul Teacher Subject Allocation Management System 1.0 - Cross-Site Request Forgery via Delete Course Handler
A vulnerability classified as problematic has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Affected is an unknown function of the file /admin/course.php of the component Delete Course Handler. The manipulation of the argument delid leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247896.
CVSS 4.3
CVE-2023-7050 WRITEUP LOW WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Stored Cross-Site Scripting via Profile Name/Email Parameter
A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.
CVSS 3.5
CVE-2023-7051 WRITEUP MEDIUM WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Cross-Site Request Forgery via delid Parameter
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2023-7052 WRITEUP MEDIUM WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Cross-Site Request Forgery in Profile Update
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.
CVSS 4.3
CVE-2023-7053 WRITEUP LOW WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Weak Password Requirem...
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.
CVSS 3.1
CVE-2023-7054 WRITEUP MEDIUM WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Unrestricted File Upload via add-notes.php
A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.
CVSS 5.5
CVE-2023-7055 WRITEUP MEDIUM WRITEUP
PHPGurukul Online Notes Sharing System 1.0 - Improper Access Control via Profile Mobile Number Parameter
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2024-3084 WRITEUP MEDIUM WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - Stored Cross-Site Scripting via Hire an Ambulance Page Input Fields
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Hire an Ambulance Page. The manipulation of the argument Patient Name/Relative Name/Relative Phone Number/City/State/Message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258677 was assigned to this vulnerability.
CVSS 4.3
CVE-2024-3085 WRITEUP HIGH WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Admin Login Username Parameter
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability.
CVSS 7.3
CVE-2024-3086 WRITEUP MEDIUM WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - Cross-Site Scripting via Ambulance Tracking Page searchdata Parameter
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
CVSS 4.3
CVE-2024-3087 WRITEUP HIGH WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Ambulance Tracking Page searchdata Parameter
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.
CVSS 7.3
CVE-2024-3088 WRITEUP HIGH WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - SQL Injection via Forgot Password Page Username Parameter
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.
CVSS 7.3
CVE-2024-3089 WRITEUP MEDIUM WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - Cross-Site Request Forgery in Manage Ambulance Page
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.
CVSS 4.3
CVE-2024-3090 WRITEUP LOW WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - Cross-Site Scripting via Ambulance Reg No/Driver Name
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
CVSS 2.4
CVE-2024-3091 WRITEUP LOW WRITEUP
PHPGurukul Emergency Ambulance Hiring Portal 1.0 - Cross-Site Scripting in Search Request Page
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
CVSS 2.4