Phpgurukul User Management System vulnerabilities

5 known vulnerabilities affecting phpgurukul/user_management_system.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2025-10624MEDIUMCVSS 6.9v1.02025-09-17
CVE-2025-10624 [MEDIUM] CWE-74 CVE-2025-10624: A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknow A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
cvelistv5nvd
CVE-2025-10098MEDIUMCVSS 5.3v1.02025-09-08
CVE-2025-10098 [MEDIUM] CWE-74 CVE-2025-10098: A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
cvelistv5nvd
CVE-2025-9756MEDIUMCVSS 5.3v1.02025-09-01
CVE-2025-9756 [MEDIUM] CWE-74 CVE-2025-9756: A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
cvelistv5nvd
CVE-2025-9302MEDIUMCVSS 6.9v1.02025-08-21
CVE-2025-9302 [MEDIUM] CWE-74 CVE-2025-9302: A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
cvelistv5nvd
CVE-2024-50991MEDIUMCVSS 4.8v1.02024-11-11
CVE-2024-50991 [MEDIUM] CWE-79 CVE-2024-50991: A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGur A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter
nvd