Vulnerabilities in PHPGurukul

706 results
Vexday analysis

With 706 catalogued CVEs and 19 new entries in the last 90 days, the vulnerability portfolio for PHPGurukul products shows significant volume and a continuous pace of discovery. The most prevalent weakness is CWE-89 (SQL Injection), which is consistent with the profile of database-driven PHP applications; the most dangerous CVE currently active is CVE-2023-0562, with an EPSS score of 0.4117, a relevant value that indicates a non-negligible probability of exploitation. Although the confirmed exploitation rate (0 entries in CISA KEV) is below the catalogue's overall average, the existence of 20 vulnerabilities with a public PoC and 13 of critical severity represents a considerable attack surface for teams that depend on these applications. The presence of publicly available proof-of-concept code raises the practical risk even without formal confirmation of large-scale exploitation, and calls for priority attention to patching and input validation.

CVE-2025-4695 | MEDIUM | PHPGurukul/Campcodes Cyber Cafe Management System add-users.php sql injection | EPSS 0.3%
CVE-2025-4155 | MEDIUM | PHPGurukul Boat Booking System edit-boat.php sql injection | EPSS 0.3%
CVE-2025-5368 | MEDIUM | PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection | EPSS 0.3%
CVE-2025-4778 | MEDIUM | PHPGurukul Park Ticketing Management System normal-search.php sql injection | EPSS 0.3%
CVE-2024-13076 | MEDIUM | PHPGurukul Land Record System edit-propertytype.php cross site scripting | EPSS 0.3%
CVE-2025-6911 | MEDIUM | PHPGurukul Student Record System manage-subjects.php sql injection | EPSS 0.3%
CVE-2024-13077 | MEDIUM | PHPGurukul Land Record System add-property.php cross site scripting | EPSS 0.3%
CVE-2025-6908 | MEDIUM | PHPGurukul Old Age Home Management System edit-services.php sql injection | EPSS 0.3%
CVE-2024-13013 | MEDIUM | PHPGurukul Maid Hiring Management System Contact Us Page contactus.php cross site scripting | EPSS 0.3%
CVE-2025-2047 | MEDIUM | PHPGurukul Art Gallery Management System search.php cross site scripting | EPSS 0.3%
CVE-2025-6156 | MEDIUM | PHPGurukul Nipah Virus Testing Management System bwdates-report-ds.php sql injection | EPSS 0.3%
CVE-2025-13247 | MEDIUM | PHPGurukul Tourism Management System user-bookings.php sql injection | EPSS 0.3%
CVE-2025-12615 | LOW | PHPGurukul News Portal settings.py hard-coded key | EPSS 0.3%
CVE-2025-7943 | MEDIUM | PHPGurukul Taxi Stand Management System search-autoortaxi.php cross site scripting | EPSS 0.3%
CVE-2025-7944 | MEDIUM | PHPGurukul Taxi Stand Management System search.php cross site scripting | EPSS 0.3%
CVE-2025-2371 | MEDIUM | PHPGurukul Human Metapneumovirus Testing Management System Registered Mobile Number Search registered-user-testing.php cross site scripting | EPSS 0.3%
CVE-2025-4780 | MEDIUM | PHPGurukul Park Ticketing Management System foreigner-search.php sql injection | EPSS 0.3%
CVE-2025-2084 | MEDIUM | PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting | EPSS 0.3%
CVE-2026-1160 | MEDIUM | PHPGurukul Directory Management System Search index.php sql injection | EPSS 0.3%
CVE-2025-11390 | MEDIUM | PHPGurukul Cyber Cafe Management System POST Parameter search.php cross site scripting | EPSS 0.3%