Phpgurukul Student Result Management System vulnerabilities

CVE-2025-56710 [HIGH] CWE-352 CVE-2025-56710: A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGuruk A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2.0. This flaw allows an attacker to trick authenticated users into unintentionally modifying their account details. By crafting a malicious HTML page, an attacker can submit unauthorized requests to the vu

CVE-2025-50489 [HIGH] CWE-20 CVE-2025-50489: Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Resul Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

CVE-2025-50490 [HIGH] CWE-20 CVE-2025-50490: Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Re Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.

CVE-2025-7534 [MEDIUM] CWE-74 CVE-2025-7534: A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified A vulnerability was found in PHPGurukul Student Result Management System 2.0. It has been classified as critical. Affected is an unknown function of the file /notice-details.php of the component GET Parameter Handler. The manipulation of the argument nid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose

CVE-2025-5599 [MEDIUM] CWE-74 CVE-2025-5599: A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2023-48720 [CRITICAL] CWE-89 CVE-2023-48720: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulner Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE-2023-48718 [CRITICAL] CWE-89 CVE-2023-48718: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulner Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE-2023-48722 [CRITICAL] CWE-89 CVE-2023-48722: Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulner Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database.