Curfew E Pass Management System
Reflected cross-site scripting in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the Fullname or Category parameters in view-pass-detail.php, exploitable only when a victim with sufficient privileges views a crafted link. The CVSS score of 1.9 reflects severe exploitation constraints: high privilege requirement, user interaction dependency, and limited impact scope, despite a public exploit being available.
Stored or reflected cross-site scripting (XSS) in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the catname parameter in edit-category-detail.php, affecting application integrity with low severity (CVSS 1.9, EPSS 0.03%). Publicly available exploit code exists; however, exploitation requires user interaction and high-level administrative credentials, significantly limiting real-world attack surface.
Stored cross-site scripting (XSS) in PHPGurukul Curfew e-Pass Management System 1.0 allows authenticated high-privilege users to inject malicious scripts via the adminname or email parameters in admin-profile.php, affecting user interface integrity and enabling credential theft or malware delivery. The vulnerability requires high-privilege access and user interaction (UI:P), resulting in a CVSS score of 1.9 despite network accessibility. Public exploit code exists but exploitation probability is exceptionally low (EPSS 0.03%, 9th percentile), suggesting this is primarily a demonstration or proof-of-concept rather than an active threat.
Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 affecting the /admin/edit-category-detail.php endpoint. An unauthenticated remote attacker can manipulate the 'editid' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, and system disruption. The vulnerability has been publicly disclosed with proof-of-concept availability, making active exploitation highly likely.
Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System version 1.0, specifically in the /admin/view-pass-detail.php file where the 'viewid' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or denial of service. The vulnerability has been publicly disclosed with proof-of-concept code available, making it actively exploitable in the wild.
Critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System version 1.0, where unsanitized input in the 'searchdata' parameter of /index.php allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploit code available, enabling attackers to extract sensitive data, modify records, or potentially execute system commands depending on database permissions and backend configuration. This represents an immediate threat to organizations using this system.
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable and has low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.