Anujk305 Medical Card Generation System vulnerabilities

8 known vulnerabilities affecting anujk305/medical_card_generation_system.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 8

Vulnerabilities

CVE-2025-50367 | MEDIUM | CVSS 6.1 | v1.0 | 2025-06-27
CWE-79: A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript.
Source: nvd
CVE-2025-50370 | MEDIUM | CVSS 6.5 | v1.0 | 2025-06-27
CWE-352: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request
Source: nvd
CVE-2025-50369 | MEDIUM | CVSS 6.5 | v1.0 | 2025-06-27
CWE-352: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request.
Source: nvd
CVE-2024-51108 | MEDIUM | CVSS 5.4 | v1.0 | 2025-05-23
CWE-79: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters.
Source: nvd
CVE-2024-51107 | MEDIUM | CVSS 4.8 | v1.0 | 2025-05-23
CWE-79: Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters.
Source: nvd
CVE-2024-51106 | MEDIUM | CVSS 4.6 | v1.0 | 2025-05-19
CWE-79: A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
Source: nvd
CVE-2024-48703 | MEDIUM | CVSS 4.8 | v1.0 | 2024-12-06
CWE-79: PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
Source: nvd
CVE-2024-10297 | MEDIUM | CVSS 5.1 | v1.0 | 2024-10-23
CWE-89: A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to SQL injection. The attack may be launched remotely. The exploit
Source: nvd