Phpgurukul CVEs & Vulnerabilities

11 CVEs affecting Phpgurukul products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

vehicle record management system 5student record system 2hospital management system 2student management system 1gym management system 1
CVE-2024-51226MEDIUM

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter.

23 Mar 2026
6.1
CVSS
CVE-2024-51225MEDIUM

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the brandname parameter.

23 Mar 2026
4.8
CVSS
CVE-2024-51224MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum and enginenumber parameters.

23 Mar 2026
4.8
CVSS
CVE-2024-51223MEDIUM

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter.

23 Mar 2026
4.8
CVSS
CVE-2024-51222MEDIUM

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

23 Mar 2026
4.8
CVSS
CVE-2026-3403MEDIUM

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

2 Mar 2026
4.8
CVSS
CVE-2026-3402MEDIUM

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

2 Mar 2026
4.8
CVSS
CVE-2025-70064HIGHpoc

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This allows any self-registered user to takeover the application, view confidential logs, and modify system data.

18 Feb 2026
8.8
CVSS
CVE-2025-70062MEDIUMpoc

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts (privileged users) by tricking an authenticated administrator into visiting a malicious page.

18 Feb 2026
6.5
CVSS
CVE-2024-55270HIGHpoc

phpgurukul Student Management System 1.0 is vulnerable to SQL Injection in studentms/admin/search.php via the searchdata parameter.

17 Feb 2026
8.8
CVSS
CVE-2024-55271LOWpoc

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.

17 Feb 2026
3.5
CVSS
← PrevPage 1 / 1Next →