Phpgurukul Cyber Cafe Management System vulnerabilities

CVE-2025-70892 [CRITICAL] CWE-89 CVE-2025-70892: Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user mana Phpgurukul Cyber Cafe Management System v1.0 contains a SQL Injection vulnerability in the user management module. The application fails to properly validate user-supplied input in the username parameter of the add-users.php endpoint.

CVE-2025-70893 [HIGH] CWE-89 CVE-2025-70893: A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1. A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions.

CVE-2025-70890 [MEDIUM] CWE-79 CVE-2025-70890: A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An au A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affected page is accessed.

CVE-2025-70891 [MEDIUM] CWE-79 CVE-2025-70891: A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System A stored cross-site scripting (XSS) vulnerability exists in Phpgurukul Cyber Cafe Management System v1.0 within the user management module. The application does not properly sanitize or encode user-supplied input submitted via the uadd parameter in the add-users.php endpoint. An authenticated attacker can inject arbitrary JavaScript code that is persi

CVE-2025-11390 [MEDIUM] CWE-79 CVE-2025-11390: A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vuln A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be executed remotely. The exploit has been made

CVE-2025-7165 [MEDIUM] CWE-74 CVE-2025-7165: A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be

CVE-2025-7164 [MEDIUM] CWE-74 CVE-2025-7164: A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classifi A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may

CVE-2025-5358 [MEDIUM] CWE-74 CVE-2025-5358: A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rate A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to

CVE-2025-4695 [MEDIUM] CWE-74 CVE-2025-4695: A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been clas A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4696 [MEDIUM] CWE-74 CVE-2025-4696: A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been decl A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public an

CVE-2025-4304 [MEDIUM] CWE-74 CVE-2025-4304: A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management Sys A vulnerability, which was classified as critical, was found in PHPGurukul Cyber Cafe Management System 1.0. This affects an unknown part of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other

CVE-2025-4226 [MEDIUM] CWE-74 CVE-2025-4226: A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname/comploc leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2023-38920 [MEDIUM] CWE-79 CVE-2023-38920: Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.

CVE-2024-30980 [CRITICAL] CWE-89 CVE-2024-30980: SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php page.

CVE-2024-30981 [CRITICAL] CWE-89 CVE-2024-30981: SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application URL.

CVE-2024-30982 [CRITICAL] CWE-89 CVE-2024-30982: SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file.

CVE-2024-30983 [HIGH] CWE-89 CVE-2024-30983: SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the compname parameter in /edit-computer-detail.php file.

CVE-2024-30979 [MEDIUM] CWE-79 CVE-2024-30979: Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to e Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.

CVE-2023-34666 [MEDIUM] CWE-79 CVE-2023-34666: Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remot Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

CVE-2022-29009 [CRITICAL] CWE-89 CVE-2022-29009: Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.