Phpgurukul Pre-School Enrollment System vulnerabilities

CVE-2025-1966 [MEDIUM] CWE-74 CVE-2025-1966: A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Aff A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-54790 [HIGH] CWE-89 CVE-2024-54790: A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1. A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.

CVE-2024-54810 [CRITICAL] CWE-89 CVE-2024-54810: A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre- A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.

CVE-2023-47445 [CRITICAL] CWE-89 CVE-2023-47445: Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in presc Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page.

CVE-2023-47446 [MEDIUM] CWE-79 CVE-2023-47446: Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php pag Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter.