rtnthakur

12 exploits Active since Mar 2025
CVE-2025-28015 WRITEUP MEDIUM
Phpgurukul User Registration & Login ... - Basic XSS
An HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters.
CVSS 5.3
CVE-2025-28016 WRITEUP MEDIUM
Phpgurukul User Registration & Login And User Management System - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters.
CVSS 4.8
CVE-2025-45010 WRITEUP MEDIUM
Phpgurukul Park Ticketing Management System - Command Injection
An HTML Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the fromdate and todate POST request parameters.
CVSS 5.3
CVE-2025-45011 WRITEUP MEDIUM
Phpgurukul Park Ticketing Management System - Command Injection
An HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVSS 5.3
CVE-2025-45015 WRITEUP MEDIUM
Phpgurukul Park Ticketing Management System - XSS
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters.
CVSS 6.1
CVE-2025-45017 WRITEUP CRITICAL
Phpgurukul Park Ticketing Management System - SQL Injection
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVSS 9.8
CVE-2025-45018 WRITEUP CRITICAL
Phpgurukul Park Ticketing Management System - SQL Injection
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
CVSS 9.8
CVE-2025-45019 WRITEUP MEDIUM
Phpgurukul Park Ticketing Management System - SQL Injection
A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
CVSS 5.4
CVE-2025-45020 WRITEUP HIGH
Phpgurukul Park Ticketing Management System - SQL Injection
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
CVSS 7.2
CVE-2025-45021 WRITEUP MEDIUM
Phpgurukul Directory Management System - SQL Injection
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.
CVSS 5.3
CVE-2025-51671 WRITEUP MEDIUM
Phpgurukul Dairy Farm Shop Management System - SQL Injection
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.
CVSS 5.4
CVE-2025-51672 WRITEUP HIGH
Phpgurukul Dairy Farm Shop Management System - SQL Injection
A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.
CVSS 8.0