This page lists publicly disclosed CVE vulnerabilities affecting phpgurukul student_result_management_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-56710 | A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php. | [email protected] | 7.3 | 0.18% | 2025-09-15 | 2026-06-17 |
| CVE-2025-50489 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | [email protected] | 7.5 | 0.51% | 2025-07-28 | 2026-07-05 |
| CVE-2025-50490 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | [email protected] | 7.5 | 0.43% | 2025-07-28 | 2026-07-05 |
| CVE-2025-7534 | A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.45% | 2025-07-13 | 2026-06-17 |
| CVE-2025-5599 | A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.39% | 2025-06-04 | 2026-06-17 |
| CVE-2023-48722 | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-48720 | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |
| CVE-2023-48718 | Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | [email protected] | 9.8 | 0.67% | 2023-12-21 | 2026-06-17 |