phpgurukul student_result_management_system CVE Vulnerabilities (8)

CVEs: 8 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting phpgurukul student_result_management_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 18 of 8 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-56710 A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vulnerable endpoint: /create-class.php. [email protected] 7.3 0.18% 2025-09-15 2026-06-17
CVE-2025-50489 Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. [email protected] 7.5 0.51% 2025-07-28 2026-07-05
CVE-2025-50490 Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. [email protected] 7.5 0.43% 2025-07-28 2026-07-05
CVE-2025-7534 A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.5 0.45% 2025-07-13 2026-06-17
CVE-2025-5599 A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 6.9 0.39% 2025-06-04 2026-06-17
CVE-2023-48722 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. [email protected] 9.8 0.67% 2023-12-21 2026-06-17
CVE-2023-48720 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. [email protected] 9.8 0.67% 2023-12-21 2026-06-17
CVE-2023-48718 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. [email protected] 9.8 0.67% 2023-12-21 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence