Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rail_pass_management_system
(Phpgurukul)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-04 | CVE-2025-5554 | A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Rail_pass_management_system | 8.8 | ||
| 2025-04-29 | CVE-2025-4070 | A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Rail_pass_management_system | 9.8 | ||
| 2025-04-28 | CVE-2025-4039 | A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Rail_pass_management_system | 9.8 | ||
| 2023-06-15 | CVE-2023-3275 | A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability. | Rail_pass_management_system | 9.8 | ||
| 2023-07-28 | CVE-2023-31932 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | Rail_pass_management_system | 7.2 | ||
| 2023-07-28 | CVE-2023-31933 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | Rail_pass_management_system | 7.2 | ||
| 2023-07-28 | CVE-2023-31934 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | Rail_pass_management_system | 4.8 | ||
| 2023-07-28 | CVE-2023-31935 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | Rail_pass_management_system | 4.8 | ||
| 2023-07-28 | CVE-2023-31936 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | Rail_pass_management_system | 7.2 | ||
| 2023-07-28 | CVE-2023-31937 | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | Rail_pass_management_system | 7.2 |