Phpgurukul Bus Pass Management System vulnerabilities

8 known vulnerabilities affecting phpgurukul/bus_pass_management_system.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2025-6288 | MEDIUM | CVSS 4.8 | v1.0 | 2025-06-20
CVE-2025-6288 [MEDIUM] CWE-79: A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely.
cvelistv5, nvd
CVE-2025-3146 | MEDIUM | CVSS 6.9 | v1.0 | 2025-04-03
CVE-2025-3146 [MEDIUM] CWE-74: A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvelistv5, nvd
CVE-2022-35156 | CRITICAL | CVSS 9.8 | v1.0 | 2022-09-30
CVE-2022-35156 [CRITICAL] CWE-89: Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.
nvd
CVE-2022-35155 | MEDIUM | CVSS 6.1 | PoC | v1.0 | 2022-09-30
CVE-2022-35155 [MEDIUM] CWE-79: Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.
nvd
CVE-2022-36198 | CRITICAL | CVSS 9.8 | v1.0 | 2022-08-22
CVE-2022-36198 [CRITICAL] CWE-89: Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php.
nvd
CVE-2022-29008 | MEDIUM | CVSS 6.5 | v1.0 | 2022-05-11
CVE-2022-29008 [MEDIUM] CWE-639: An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
nvd
CVE-2021-44315 | HIGH | CVSS 7.5 | v1.0 | 2021-12-16
CVE-2021-44315 [HIGH] CWE-552: In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server, which allows an attacker to view the sensitive files of the application, for example: any file which contains sensitive information of the user or server.
nvd
CVE-2021-44317 | MEDIUM | CVSS 5.4 | v1.0 | 2021-12-16
CVE-2021-44317 [MEDIUM] CWE-79: In Bus Pass Management System v1.0, parameters 'pagedes' and 'About Us' are affected with a Stored Cross-site scripting vulnerability.
nvd