Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for teachers_record_management_system by phpgurukul

    CVE-2025-8951 (GCVE-0-2025-8951)

    Vulnerability from nvd – Published: 2025-08-14 08:02 – Updated: 2025-08-14 19:23
    VLAI
    Title
    PHPGurukul Teachers Record Management System search.php sql injection
    Summary
    A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.319920 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.319920 signaturepermissions-required
    https://vuldb.com/?submit.627738 third-party-advisory
    https://github.com/zzx-yyds/mycve/issues/1 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    zzxyyds (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8951",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T19:18:44.191254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:23:02.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzxyyds (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es betrifft eine unbekannte Funktion der Datei /admin/search.php. Durch das Manipulieren des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-14T08:02:07.059Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319920 | PHPGurukul Teachers Record Management System search.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319920"
            },
            {
              "name": "VDB-319920 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319920"
            },
            {
              "name": "Submit #627738 | phpgurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.627738"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zzx-yyds/mycve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-13T16:08:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System search.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8951",
        "datePublished": "2025-08-14T08:02:07.059Z",
        "dateReserved": "2025-08-13T14:03:38.676Z",
        "dateUpdated": "2025-08-14T19:23:02.522Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6888 (GCVE-0-2025-6888)

    Vulnerability from nvd – Published: 2025-06-30 05:02 – Updated: 2025-06-30 16:09
    VLAI
    Title
    PHPGurukul Teachers Record Management System changeimage.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.314367 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.314367 signaturepermissions-required
    https://vuldb.com/?submit.603793 third-party-advisory
    https://github.com/louis-zly/myCVE/issues/3 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    Louis-zly (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6888",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T16:07:18.875661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T16:09:24.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Louis-zly (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in PHPGurukul Teachers Record Management System 2.1 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/changeimage.php. Durch das Beeinflussen des Arguments tid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T05:02:07.006Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314367 | PHPGurukul Teachers Record Management System changeimage.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314367"
            },
            {
              "name": "VDB-314367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314367"
            },
            {
              "name": "Submit #603793 | PHPGurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/louis-zly/myCVE/issues/3"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-28T17:04:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System changeimage.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6888",
        "datePublished": "2025-06-30T05:02:07.006Z",
        "dateReserved": "2025-06-28T14:59:43.192Z",
        "dateUpdated": "2025-06-30T16:09:24.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6885 (GCVE-0-2025-6885)

    Vulnerability from nvd – Published: 2025-06-30 03:32 – Updated: 2025-06-30 16:33
    VLAI
    Title
    PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.314364 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.314364 signaturepermissions-required
    https://vuldb.com/?submit.603766 third-party-advisory
    https://github.com/louis-zly/myCVE/issues/2 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    Louis-zly (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6885",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T16:32:43.447767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T16:33:06.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Louis-zly (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in PHPGurukul Teachers Record Management System 2.1 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/edit-teacher-detail.php. Mittels Manipulieren des Arguments tid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T03:32:07.019Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314364 | PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314364"
            },
            {
              "name": "VDB-314364 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314364"
            },
            {
              "name": "Submit #603766 | PHPGurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603766"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/louis-zly/myCVE/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-28T17:00:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6885",
        "datePublished": "2025-06-30T03:32:07.019Z",
        "dateReserved": "2025-06-28T14:55:09.737Z",
        "dateUpdated": "2025-06-30T16:33:06.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51064 (GCVE-0-2024-51064)

    Vulnerability from nvd – Published: 2024-10-31 00:00 – Updated: 2024-11-01 15:53
    VLAI
    Summary
    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51064",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T15:51:59.103523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T15:53:09.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T18:19:22.801Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://phpgurukul.com"
            },
            {
              "url": "https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51064"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-51064",
        "datePublished": "2024-10-31T00:00:00.000Z",
        "dateReserved": "2024-10-28T00:00:00.000Z",
        "dateUpdated": "2024-11-01T15:53:09.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51063 (GCVE-0-2024-51063)

    Vulnerability from nvd – Published: 2024-10-31 00:00 – Updated: 2024-11-01 16:22
    VLAI
    Summary
    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51063",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T16:22:02.953347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T16:22:09.224Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T18:13:05.779Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://phpgurukul.com"
            },
            {
              "url": "https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51063"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-51063",
        "datePublished": "2024-10-31T00:00:00.000Z",
        "dateReserved": "2024-10-28T00:00:00.000Z",
        "dateUpdated": "2024-11-01T16:22:09.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48744 (GCVE-0-2024-48744)

    Vulnerability from nvd – Published: 2024-10-16 00:00 – Updated: 2024-10-16 17:25
    VLAI
    Summary
    A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48744",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T17:22:26.916117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:25:03.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via \"searchinput\" POST request parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T14:10:10.551Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-48744",
        "datePublished": "2024-10-16T00:00:00.000Z",
        "dateReserved": "2024-10-08T00:00:00.000Z",
        "dateUpdated": "2024-10-16T17:25:03.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28424 (GCVE-0-2021-28424)

    Vulnerability from nvd – Published: 2021-07-01 14:48 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:14.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/50019"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the \u0027email\u0027 POST parameter in adminprofile.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-01T14:48:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/50019"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28424",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the \u0027email\u0027 POST parameter in adminprofile.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/",
                  "refsource": "MISC",
                  "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/50019",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/50019"
                },
                {
                  "name": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28424",
        "datePublished": "2021-07-01T14:48:28.000Z",
        "dateReserved": "2021-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:14.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28423 (GCVE-0-2021-28423)

    Vulnerability from nvd – Published: 2021-07-01 14:38 – Updated: 2025-05-28 22:38
    VLAI
    Summary
    Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:14.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/50018"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the \u0027editid\u0027 GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the \u0027searchdata\u0027 POST parameter in search.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-28T22:38:04.023Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
            },
            {
              "url": "https://www.exploit-db.com/exploits/50018"
            },
            {
              "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the \u0027editid\u0027 GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the \u0027searchdata\u0027 POST parameter in search.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/",
                  "refsource": "MISC",
                  "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/50018",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/50018"
                },
                {
                  "name": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28423",
        "datePublished": "2021-07-01T14:38:45.000Z",
        "dateReserved": "2021-03-15T00:00:00.000Z",
        "dateUpdated": "2025-05-28T22:38:04.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26822 (GCVE-0-2021-26822)

    Vulnerability from nvd – Published: 2021-02-15 20:54 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:41.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/49562"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in \u0027searchteacher\u0027 POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-07T13:13:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/49562"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in \u0027searchteacher\u0027 POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/49562",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/49562"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26822",
        "datePublished": "2021-02-15T20:54:51.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:41.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8951 (GCVE-0-2025-8951)

    Vulnerability from cvelistv5 – Published: 2025-08-14 08:02 – Updated: 2025-08-14 19:23
    VLAI
    Title
    PHPGurukul Teachers Record Management System search.php sql injection
    Summary
    A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.319920 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.319920 signaturepermissions-required
    https://vuldb.com/?submit.627738 third-party-advisory
    https://github.com/zzx-yyds/mycve/issues/1 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    zzxyyds (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8951",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-14T19:18:44.191254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-14T19:23:02.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zzxyyds (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es betrifft eine unbekannte Funktion der Datei /admin/search.php. Durch das Manipulieren des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-14T08:02:07.059Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319920 | PHPGurukul Teachers Record Management System search.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319920"
            },
            {
              "name": "VDB-319920 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319920"
            },
            {
              "name": "Submit #627738 | phpgurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.627738"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zzx-yyds/mycve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-13T16:08:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System search.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8951",
        "datePublished": "2025-08-14T08:02:07.059Z",
        "dateReserved": "2025-08-13T14:03:38.676Z",
        "dateUpdated": "2025-08-14T19:23:02.522Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6888 (GCVE-0-2025-6888)

    Vulnerability from cvelistv5 – Published: 2025-06-30 05:02 – Updated: 2025-06-30 16:09
    VLAI
    Title
    PHPGurukul Teachers Record Management System changeimage.php sql injection
    Summary
    A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.314367 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.314367 signaturepermissions-required
    https://vuldb.com/?submit.603793 third-party-advisory
    https://github.com/louis-zly/myCVE/issues/3 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    Louis-zly (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6888",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T16:07:18.875661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T16:09:24.851Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Louis-zly (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in PHPGurukul Teachers Record Management System 2.1 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/changeimage.php. Durch das Beeinflussen des Arguments tid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T05:02:07.006Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314367 | PHPGurukul Teachers Record Management System changeimage.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314367"
            },
            {
              "name": "VDB-314367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314367"
            },
            {
              "name": "Submit #603793 | PHPGurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603793"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/louis-zly/myCVE/issues/3"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-28T17:04:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System changeimage.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6888",
        "datePublished": "2025-06-30T05:02:07.006Z",
        "dateReserved": "2025-06-28T14:59:43.192Z",
        "dateUpdated": "2025-06-30T16:09:24.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6885 (GCVE-0-2025-6885)

    Vulnerability from cvelistv5 – Published: 2025-06-30 03:32 – Updated: 2025-06-30 16:33
    VLAI
    Title
    PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.314364 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.314364 signaturepermissions-required
    https://vuldb.com/?submit.603766 third-party-advisory
    https://github.com/louis-zly/myCVE/issues/2 exploitissue-tracking
    https://phpgurukul.com/ product
    Impacted products
    Credits
    Louis-zly (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6885",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-30T16:32:43.447767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-30T16:33:06.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Teachers Record Management System",
              "vendor": "PHPGurukul",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Louis-zly (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in PHPGurukul Teachers Record Management System 2.1 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/edit-teacher-detail.php. Mittels Manipulieren des Arguments tid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-30T03:32:07.019Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-314364 | PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.314364"
            },
            {
              "name": "VDB-314364 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.314364"
            },
            {
              "name": "Submit #603766 | PHPGurukul Teachers Record Management System V2.1 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.603766"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/louis-zly/myCVE/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://phpgurukul.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-28T17:00:13.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6885",
        "datePublished": "2025-06-30T03:32:07.019Z",
        "dateReserved": "2025-06-28T14:55:09.737Z",
        "dateUpdated": "2025-06-30T16:33:06.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51064 (GCVE-0-2024-51064)

    Vulnerability from cvelistv5 – Published: 2024-10-31 00:00 – Updated: 2024-11-01 15:53
    VLAI
    Summary
    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51064",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T15:51:59.103523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T15:53:09.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T18:19:22.801Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://phpgurukul.com"
            },
            {
              "url": "https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51064"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-51064",
        "datePublished": "2024-10-31T00:00:00.000Z",
        "dateReserved": "2024-10-28T00:00:00.000Z",
        "dateUpdated": "2024-11-01T15:53:09.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-51063 (GCVE-0-2024-51063)

    Vulnerability from cvelistv5 – Published: 2024-10-31 00:00 – Updated: 2024-11-01 16:22
    VLAI
    Summary
    Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:2.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-51063",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T16:22:02.953347Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T16:22:09.224Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-31T18:13:05.779Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://phpgurukul.com"
            },
            {
              "url": "https://github.com/0x1c1ph3r/CVEs/tree/main/CVE-2024-51063"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-51063",
        "datePublished": "2024-10-31T00:00:00.000Z",
        "dateReserved": "2024-10-28T00:00:00.000Z",
        "dateUpdated": "2024-11-01T16:22:09.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-48744 (GCVE-0-2024-48744)

    Vulnerability from cvelistv5 – Published: 2024-10-16 00:00 – Updated: 2024-10-16 17:25
    VLAI
    Summary
    A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    phpgurukul teachers_record_management_system Affected: 2.1
        cpe:2.3:a:phpgurukul:teachers_record_management_system:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phpgurukul:teachers_record_management_system:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "teachers_record_management_system",
                "vendor": "phpgurukul",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-48744",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T17:22:26.916117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:25:03.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via \"searchinput\" POST request parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T14:10:10.551Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-48744",
        "datePublished": "2024-10-16T00:00:00.000Z",
        "dateReserved": "2024-10-08T00:00:00.000Z",
        "dateUpdated": "2024-10-16T17:25:03.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28424 (GCVE-0-2021-28424)

    Vulnerability from cvelistv5 – Published: 2021-07-01 14:48 – Updated: 2024-08-03 21:40
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:14.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/50019"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the \u0027email\u0027 POST parameter in adminprofile.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-01T14:48:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/50019"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28424",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the \u0027email\u0027 POST parameter in adminprofile.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/",
                  "refsource": "MISC",
                  "url": "https://nhattruong.blog/2021/05/22/cve-2021-28424-teachers-record-management-system-1-0-email-stored-cross-site-scripting-xss-vulnerability-authenticated/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/50019",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/50019"
                },
                {
                  "name": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28424",
        "datePublished": "2021-07-01T14:48:28.000Z",
        "dateReserved": "2021-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:40:14.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28423 (GCVE-0-2021-28423)

    Vulnerability from cvelistv5 – Published: 2021-07-01 14:38 – Updated: 2025-05-28 22:38
    VLAI
    Summary
    Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:40:14.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/50018"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the \u0027editid\u0027 GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the \u0027searchdata\u0027 POST parameter in search.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-28T22:38:04.023Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
            },
            {
              "url": "https://www.exploit-db.com/exploits/50018"
            },
            {
              "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 allow remote authenticated users to execute arbitrary SQL commands via the \u0027editid\u0027 GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the \u0027searchdata\u0027 POST parameter in search.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/",
                  "refsource": "MISC",
                  "url": "https://nhattruong.blog/2021/05/22/cve-2021-28423-teachers-record-management-system-1-0-searchdata-error-based-sql-injection-authenticated/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/50018",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/50018"
                },
                {
                  "name": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "https://packetstormsecurity.com/files/163172/Teachers-Record-Management-System-1.0-SQL-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28423",
        "datePublished": "2021-07-01T14:38:45.000Z",
        "dateReserved": "2021-03-15T00:00:00.000Z",
        "dateUpdated": "2025-05-28T22:38:04.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26822 (GCVE-0-2021-26822)

    Vulnerability from cvelistv5 – Published: 2021-02-15 20:54 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:41.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/49562"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in \u0027searchteacher\u0027 POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-07T13:13:52.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/49562"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26822",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in \u0027searchteacher\u0027 POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/",
                  "refsource": "MISC",
                  "url": "https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/49562",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/49562"
                },
                {
                  "name": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822",
                  "refsource": "MISC",
                  "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26822"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26822",
        "datePublished": "2021-02-15T20:54:51.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:41.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }