Phpgurukul Vehicle Parking Management System vulnerabilities

CVE-2021-37805 [MEDIUM] CWE-79 CVE-2021-37805: A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.

CVE-2021-37806 [MEDIUM] CWE-89 CVE-2021-37806: An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System af An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server

CVE-2021-27822 [MEDIUM] CWE-79 CVE-2021-27822: A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parkin A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field.

CVE-2020-23936 [CRITICAL] CWE-89 CVE-2020-23936: PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Usernam PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".