Phpgurukul Small Crm vulnerabilities

CVE-2025-15390 [MEDIUM] CWE-862 CVE-2025-15390: A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVE-2024-44648 [MEDIUM] CWE-89 CVE-2024-44648: PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-d PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.

CVE-2024-44644 [MEDIUM] CWE-89 CVE-2024-44644: PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in man PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.

CVE-2024-44647 [MEDIUM] CWE-79 CVE-2024-44647: PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in ma PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.

CVE-2024-44641 [MEDIUM] CWE-89 CVE-2024-44641: PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.

CVE-2025-11053 [MEDIUM] CWE-74 CVE-2025-11053: A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

CVE-2025-10664 [MEDIUM] CWE-74 CVE-2025-10664: A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-10114 [MEDIUM] CWE-74 CVE-2025-10114: A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functi A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

CVE-2025-10079 [MEDIUM] CWE-74 CVE-2025-10079: A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown func A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

CVE-2025-9834 [MEDIUM] CWE-79 CVE-2025-9834: A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functional A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2025-50484 [HIGH] CWE-613 CVE-2025-50484: Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.

CVE-2025-5226 [MEDIUM] CWE-74 CVE-2025-5226: A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerab A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might

CVE-2025-5227 [MEDIUM] CWE-74 CVE-2025-5227: A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be

CVE-2024-48170 [MEDIUM] CWE-79 CVE-2024-48170: PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.

CVE-2024-12999 [MEDIUM] CWE-74 CVE-2024-12999: A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerab A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-13000 [MEDIUM] CWE-74 CVE-2024-13000: A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-13001 [MEDIUM] CWE-74 CVE-2024-13001: A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-3691 [HIGH] CWE-89 CVE-2024-3691: A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affec A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabi

CVE-2024-3690 [MEDIUM] CWE-89 CVE-2024-3690: A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulne A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this v