Phpgurukul Teachers Record Management System vulnerabilities

CVE-2025-8951 [MEDIUM] CWE-74 CVE-2025-8951: A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an u A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-6885 [MEDIUM] CWE-74 CVE-2025-6885: A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Managemen A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be u

CVE-2025-6888 [MEDIUM] CWE-74 CVE-2025-6888: A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classifie A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-51063 [CRITICAL] CWE-89 CVE-2024-51063: Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.

CVE-2024-51064 [CRITICAL] CWE-89 CVE-2024-51064: Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid paramet Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.

CVE-2024-48744 [MEDIUM] CWE-94 CVE-2024-48744: A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPG A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.

CVE-2023-3187 [MEDIUM] CWE-434 CVE-2023-3187: A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Mana A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The

CVE-2021-28423 [HIGH] CWE-89 CVE-2021-28423: Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remot Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.

CVE-2021-28424 [MEDIUM] CWE-79 CVE-2021-28424: A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows re A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.

CVE-2021-26822 [CRITICAL] CWE-89 CVE-2021-26822: Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.