Phpgurukul Client Management System vulnerabilities

8 known vulnerabilities affecting phpgurukul/client_management_system.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 5

Vulnerabilities

CVE-2024-51209 [MEDIUM] CVSS 5.4, CWE-79, v1.2, 2024-11-20
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.
nvd
CVE-2024-48570 [HIGH] CVSS 7.5, CWE-89, v1.0, 2024-10-22
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
nvd
CVE-2024-30990 [CRITICAL] CVSS 9.8, CWE-89, v1.1, 2024-04-17
SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.
nvd
CVE-2024-30985 [CRITICAL] CVSS 9.8, CWE-89, v1.1, 2024-04-17
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters.
nvd
CVE-2024-30989 [MEDIUM] CVSS 5.4, CWE-79, v1.1, 2024-04-17
Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter.
nvd
CVE-2024-30987 [MEDIUM] CVSS 6.8, CWE-79, v1.1, 2024-04-17
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.
nvd
CVE-2024-30986 [MEDIUM] CVSS 6.5, CWE-79, v1.1, 2024-04-17
Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.
nvd
CVE-2024-30988 [MEDIUM] CVSS 6.8, CWE-79, v1.1, 2024-04-17
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.
nvd