yan1451

5 exploits Active since Feb 2026
CVE-2026-2179 WRITEUP MEDIUM WRITEUP
Phpgurukul Hospital Management System - Injection
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 4.7
CVE-2026-2984 WRITEUP MEDIUM WORKING POC
Student Result Management System 1.0 - DoS
A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS 6.5
CVE-2026-2983 WRITEUP HIGH WORKING POC
Student Result Management System 1.0 - Auth Bypass
A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2026-2938 WRITEUP HIGH WORKING POC
Student Result Management System 1.0 - Auth Bypass
A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2026-2179 WRITEUP MEDIUM WRITEUP
Phpgurukul Hospital Management System - Injection
A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 4.7