Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vehicle_parking_management_system
(Phpgurukul)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 9 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-09 | CVE-2025-45885 | PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries. | Vehicle_parking_management_system | N/A | ||
| 2025-05-15 | CVE-2025-4702 | A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | Vehicle_parking_management_system | 9.8 | ||
| 2025-05-15 | CVE-2025-4704 | A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Vehicle_parking_management_system | 7.3 | ||
| 2025-05-15 | CVE-2025-4703 | A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Vehicle_parking_management_system | 9.8 | ||
| 2025-05-15 | CVE-2025-4705 | A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /admin/view-incomingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Vehicle_parking_management_system | 9.8 | ||
| 2020-08-20 | CVE-2020-23936 | PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". | Vehicle_parking_management_system | 9.8 | ||
| 2021-08-19 | CVE-2021-27822 | A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parking Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Category field. | Vehicle_parking_management_system | 4.8 | ||
| 2021-10-27 | CVE-2021-37805 | A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. | Vehicle_parking_management_system | 5.4 | ||
| 2021-10-27 | CVE-2021-37806 | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further... | Vehicle_parking_management_system | 5.9 |