F1Rstb100D

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Daily Expense Tracking System version 1.1 **Description** A SQL injection flaw exists in the '/register.php' file. The manipulation of the `email` argument allows a remote attacker to perform this attack without authentication. **Recommendations** As a temporary workaround, restrict access to the '/register.php' file to minimize the risk of exploitation. Avoid using the `email` parameter in the '/register.php' file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Company Visitor Management System version 2.0 **Description** Remote cross site scripting is possible through the manipulation of the `fromdate` argument in the '/bwdates-reports-details.php' endpoint. Cross site scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** As a temporary workaround, avoid using the `fromdate` parameter in the '/bwdates-reports-details.php' endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A flaw exists in PHPGurukul Online Shopping Portal Project 2.1, specifically within an unknown function of the `/admin/update-image3.php` file, related to the Parameter Handler component. Manipulation of the `filename` argument can lead to SQL injection. This attack can be executed remotely. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A SQL injection issue exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is located in the `/admin/update-image2.php` file, within a parameter handler. Manipulation of the `filename` argument can lead to SQL injection. The attack can be carried out remotely, and the exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/admin/update-image2.php` file.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A security flaw exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is a SQL injection vulnerability within an unknown function in the `/order-details.php` file, specifically through manipulation of the `orderid` parameter. This allows for remote attacks. Recommendations For PHPGurukul Online Shopping Portal Project version 2.1, sanitize the `orderid` parameter in the `/order-details.php` file to prevent SQL injection.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A weakness exists in PHPGurukul Online Shopping Portal Project 2.1 related to SQL injection. The issue is located in the `/cancelorder.php` file within the Parameter Handler component. Manipulation of the `oid` argument can lead to SQL injection, potentially allowing remote attackers to exploit the system. The exploit has been publicly released. Recommendations Update to a newer version of PHPGurukul Online Shopping Portal Project that addresses this issue. As a temporary workaround, restrict access to the `/cancelorder.php` file.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A security flaw exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is related to the manipulation of the `cid` argument in the `/categorywise-products.php` file, leading to a SQL injection. The attack can be launched remotely. The exploit has been released to the public. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A SQL injection issue exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is located in the `/admin/update-image1.php` file, within a component identified as the Parameter Handler. Manipulation of the `filename` argument can lead to SQL injection. The attack can be performed remotely and the exploit has been made public. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul User Registration & Login and User Management System version 3.3 Description A SQL injection issue exists in PHPGurukul User Registration & Login and User Management System version 3.3. The issue is located in the `/admin/yesterday-reg-users.php` file, within an unknown function. Manipulation of the `ID` argument can lead to SQL injection. Remote exploitation is possible. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/admin/yesterday-reg-users.php` file.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A security flaw exists in PHPGurukul Online Shopping Portal Project 2.1, specifically within the Parameter Handler component and the `/my-profile.php` file. Manipulation of the `fullname` argument can lead to SQL injection. This issue is remotely exploitable and has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project versions up to 2.1 Description A flaw exists in PHPGurukul Online Shopping Portal Project up to version 2.1. The issue is related to SQL injection in an unknown function of the `/pending-orders.php` file through manipulation of the `ID` parameter. The attack can be carried out remotely. Recommendations Update PHPGurukul Online Shopping Portal Project to a version later than 2.1.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A weakness exists in the processing of the `/sub-category.php` file within the Parameter Handler component. Manipulation of the `pid` argument can lead to SQL injection. Remote exploitation is possible. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1 Description A SQL injection issue exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is located in the `/payment-method.php` file, within the Parameter Handler component. Manipulation of the `paymethod` parameter can trigger a SQL injection. The attack can be initiated remotely and the exploit has been made public. Recommendations Update to a newer version of PHPGurukul Online Shopping Portal Project that addresses this issue.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Dairy Farm Shop Management System version 1.3 **Description:** A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3. This issue is due to a SQL injection vulnerability within the `invoices.php` and `receipts.php` files. The vulnerability is triggered by manipulating the `del` argument, allowing for remote exploitation. The exploit for this issue has been publicly disclosed. **Recommendations:** Update to a newer version of PHPGurukul Dairy Farm Shop Management System that addresses this SQL injection issue. As a temporary workaround, restrict access to the `invoices.php` and `receipts.php` files. Sanitize the `del` parameter before using it in SQL queries.

Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3. The manipulation of the `invid` argument in an unknown function within the `view-invoice.php` file leads to a SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Dairy Farm Shop Management System version 1.3 **Description:** A critical vulnerability exists in PHPGurukul Dairy Farm Shop Management System version 1.3 due to a SQL injection issue in the `/invoice.php` file. The `del` argument can be manipulated to exploit this vulnerability, allowing for remote attacks. The exploit details have been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Dairy Farm Shop Management System version 1.3 **Description:** A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3, specifically within the `edit-company.php` file. Manipulation of the `companyname` argument results in a SQL injection. This attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. **Recommendations:** Update to a newer version of PHPGurukul Dairy Farm Shop Management System that addresses this SQL injection issue. As a temporary workaround, restrict access to the `edit-company.php` file or sanitize the `companyname` input to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Dairy Farm Shop Management System version 1.3 **Description:** A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3, affecting the processing of the `edit-category.php` file. Manipulation of the `categorycode` argument results in a SQL injection. The attack can be initiated remotely, and an exploit has been publicly disclosed and may be used. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Online Library Management System version 3.0 **Description:** A critical issue exists in PHPGurukul Online Library Management System 3.0, specifically within the `/admin/student-history.php` file. Manipulation of the `stdid` argument can lead to a SQL injection. This issue is remotely exploitable, and details about the exploit have been publicly disclosed. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** PHPGurukul Online Fire Reporting System version 1.2 **Description:** A critical issue exists in PHPGurukul Online Fire Reporting System 1.2. The `teamid` parameter in the `/admin/new-requests.php` file is susceptible to SQL injection due to improper input validation. This allows for remote exploitation of the system. The exploit has been publicly disclosed. **Recommendations:** Apply input validation and sanitization to the `teamid` parameter in the `/admin/new-requests.php` file.