rtnthakur

12 exploits | Active since Mar 2025
CVE-2025-28015 WRITEUP MEDIUM
PHPGurukul User Registration & Login and User Management System V3.3 - Cross-Site Scripting via Edit Profile Parameters
An HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
CVSS 5.3
CVE-2025-28016 WRITEUP MEDIUM
PHPGurukul User Registration & Login System 3.3 - Reflected XSS via fname/lname/contact
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVSS 4.8
CVE-2025-45010 WRITEUP MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - RCE via normal-bwdates-reports-details.php
An HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
CVSS 5.3
CVE-2025-45011 WRITEUP MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Remote Code Execution via foreigner-search.php searchdata Parameter
An HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVSS 5.3
CVE-2025-45015 WRITEUP MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - Stored XSS via foreigner-bwdates-reports-details.php
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters.
CVSS 6.1
CVE-2025-45017 WRITEUP CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via edit-ticket.php tprice Parameter
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVSS 9.8
CVE-2025-45018 WRITEUP CRITICAL
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
CVSS 9.8
CVE-2025-45019 WRITEUP MEDIUM
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via cprice Parameter
A SQL injection vulnerability was discovered in the /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
CVSS 5.4
CVE-2025-45020 WRITEUP HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via todate Parameter
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
CVSS 7.2
CVE-2025-45021 WRITEUP MEDIUM
PHPGurukul Directory Management System 2.0 - SQL Injection via Email Parameter
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.
CVSS 5.3
CVE-2025-51671 WRITEUP MEDIUM
PHPGurukul Dairy Farm Shop Management System 1.3 - SQL Injection via Category Parameters
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.
CVSS 5.4
CVE-2025-51672 WRITEUP HIGH
PHPGurukul Dairy Farm Shop Management System 1.3 - SQL Injection via companyname Parameter
A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.
CVSS 8.0