Search criteria
34 vulnerabilities found for Emergency Ambulance Hiring Portal by PHPGurukul
CVE-2025-6310 (GCVE-0-2025-6310)
Vulnerability from cvelistv5 – Published: 2025-06-20 05:00 – Updated: 2025-06-20 19:30
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T19:29:59.335852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:30:14.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /index.php. Durch Manipulieren des Arguments Message mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T05:00:20.840Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313310 | PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313310"
},
{
"name": "VDB-313310 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313310"
},
{
"name": "Submit #595917 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595917"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/70"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6310",
"datePublished": "2025-06-20T05:00:20.840Z",
"dateReserved": "2025-06-19T09:48:26.985Z",
"dateUpdated": "2025-06-20T19:30:14.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6309 (GCVE-0-2025-6309)
Vulnerability from cvelistv5 – Published: 2025-06-20 05:00 – Updated: 2025-06-20 19:39
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6309",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T19:30:46.658770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:39:56.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /admin/add-ambulance.php. Durch das Manipulieren des Arguments ambregnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T05:00:15.982Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313309 | PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313309"
},
{
"name": "VDB-313309 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313309"
},
{
"name": "Submit #595916 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595916"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/69"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6309",
"datePublished": "2025-06-20T05:00:15.982Z",
"dateReserved": "2025-06-19T09:48:24.426Z",
"dateUpdated": "2025-06-20T19:39:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6308 (GCVE-0-2025-6308)
Vulnerability from cvelistv5 – Published: 2025-06-20 04:31 – Updated: 2025-06-23 20:20
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6308",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:19:59.914569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:20:20.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/bwdates-request-report-details.php. Mittels Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T04:31:08.550Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313308 | PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313308"
},
{
"name": "VDB-313308 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313308"
},
{
"name": "Submit #595915 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595915"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/68"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6308",
"datePublished": "2025-06-20T04:31:08.550Z",
"dateReserved": "2025-06-19T09:48:21.652Z",
"dateUpdated": "2025-06-23T20:20:20.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4265 (GCVE-0-2025-4265)
Vulnerability from cvelistv5 – Published: 2025-05-05 05:00 – Updated: 2025-05-05 14:34
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
xiguala123 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:33:29.905290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:34:42.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xiguala123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /admin/contact-us.php. Durch das Manipulieren des Arguments mobnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T05:00:08.791Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-307369 | PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.307369"
},
{
"name": "VDB-307369 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.307369"
},
{
"name": "Submit #562993 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.562993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xiguala123/myCVE/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-04T20:16:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4265",
"datePublished": "2025-05-05T05:00:08.791Z",
"dateReserved": "2025-05-04T18:11:45.455Z",
"dateUpdated": "2025-05-05T14:34:42.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4264 (GCVE-0-2025-4264)
Vulnerability from cvelistv5 – Published: 2025-05-05 04:31 – Updated: 2025-05-05 14:56
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
xiguala123 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:36:27.151948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:56:22.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xiguala123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/edit-ambulance.php. Mittels Manipulieren des Arguments dconnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T04:31:05.832Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-307368 | PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.307368"
},
{
"name": "VDB-307368 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.307368"
},
{
"name": "Submit #562992 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.562992"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xiguala123/myCVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-04T20:16:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4264",
"datePublished": "2025-05-05T04:31:05.832Z",
"dateReserved": "2025-05-04T18:11:42.279Z",
"dateUpdated": "2025-05-05T14:56:22.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2060 (GCVE-0-2025-2060)
Vulnerability from cvelistv5 – Published: 2025-03-07 02:31 – Updated: 2025-03-10 19:47
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
siznwaa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2060",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T19:45:59.730388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T19:47:15.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "siznwaa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/admin-profile.php. Dank der Manipulation des Arguments contactnumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T02:31:05.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298815 | PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298815"
},
{
"name": "VDB-298815 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298815"
},
{
"name": "Submit #514523 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514523"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/siznwaa/CVE/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2060",
"datePublished": "2025-03-07T02:31:05.723Z",
"dateReserved": "2025-03-06T15:39:56.036Z",
"dateUpdated": "2025-03-10T19:47:15.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2059 (GCVE-0-2025-2059)
Vulnerability from cvelistv5 – Published: 2025-03-07 02:00 – Updated: 2025-03-10 19:49
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The manipulation of the argument ambulanceregnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
siznwaa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T19:48:53.108694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T19:49:03.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "siznwaa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The manipulation of the argument ambulanceregnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/booking-details.php. Durch Beeinflussen des Arguments ambulanceregnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T02:00:08.654Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298814 | PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298814"
},
{
"name": "VDB-298814 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298814"
},
{
"name": "Submit #514522 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514522"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/siznwaa/CVE/issues/4"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2059",
"datePublished": "2025-03-07T02:00:08.654Z",
"dateReserved": "2025-03-06T15:39:53.000Z",
"dateUpdated": "2025-03-10T19:49:03.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2058 (GCVE-0-2025-2058)
Vulnerability from cvelistv5 – Published: 2025-03-07 01:31 – Updated: 2025-03-07 16:35
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection
Summary
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
12T4 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2058",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:34:33.496363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:35:35.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "12T4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/search.php. Durch das Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T01:31:05.685Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298813 | PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298813"
},
{
"name": "VDB-298813 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298813"
},
{
"name": "Submit #514462 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514462"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/12T40910/CVE/issues/4"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2058",
"datePublished": "2025-03-07T01:31:05.685Z",
"dateReserved": "2025-03-06T15:39:50.209Z",
"dateUpdated": "2025-03-07T16:35:35.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2057 (GCVE-0-2025-2057)
Vulnerability from cvelistv5 – Published: 2025-03-07 01:00 – Updated: 2025-03-07 16:36
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
12T4 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:36:21.414174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:36:34.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "12T4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/about-us.php. Durch Manipulieren des Arguments pagedes mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T01:00:09.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298812 | PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298812"
},
{
"name": "VDB-298812 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298812"
},
{
"name": "Submit #514461 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514461"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/12T40910/CVE/issues/5"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2057",
"datePublished": "2025-03-07T01:00:09.198Z",
"dateReserved": "2025-03-06T15:39:47.829Z",
"dateUpdated": "2025-03-07T16:36:34.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3091 (GCVE-0-2024-3091)
Vulnerability from cvelistv5 – Published: 2024-03-30 13:31 – Updated: 2024-08-01 19:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3091",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T15:43:01.574458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:28:07.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258684 | PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.258684"
},
{
"name": "VDB-258684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258684"
},
{
"name": "Submit #306965 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306965"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Search Request Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/search.php der Komponente Search Request Page. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T13:31:03.574Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258684 | PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.258684"
},
{
"name": "VDB-258684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258684"
},
{
"name": "Submit #306965 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306965"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3091",
"datePublished": "2024-03-30T13:31:03.574Z",
"dateReserved": "2024-03-29T14:27:20.757Z",
"dateUpdated": "2024-08-01T19:32:42.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3090 (GCVE-0-2024-3090)
Vulnerability from cvelistv5 – Published: 2024-03-30 13:00 – Updated: 2024-08-21 22:42
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258683 | PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258683"
},
{
"name": "VDB-258683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258683"
},
{
"name": "Submit #306964 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306964"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3090",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:48:49.879815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:42:39.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Ambulance Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /admin/add-ambulance.php der Komponente Add Ambulance Page. Durch das Manipulieren des Arguments Ambulance Reg No/Driver Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T13:00:04.772Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258683 | PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258683"
},
{
"name": "VDB-258683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258683"
},
{
"name": "Submit #306964 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306964"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3090",
"datePublished": "2024-03-30T13:00:04.772Z",
"dateReserved": "2024-03-29T14:27:17.803Z",
"dateUpdated": "2024-08-21T22:42:39.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3089 (GCVE-0-2024-3089)
Vulnerability from cvelistv5 – Published: 2024-03-30 11:31 – Updated: 2024-08-01 19:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery
Summary
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:27:32.670772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T19:03:11.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258682 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258682"
},
{
"name": "VDB-258682 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258682"
},
{
"name": "Submit #306963 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Request Forgery",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306963"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Manage Ambulance Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/manage-ambulance.php der Komponente Manage Ambulance Page. Mittels Manipulieren des Arguments del mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T11:31:03.732Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258682 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258682"
},
{
"name": "VDB-258682 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258682"
},
{
"name": "Submit #306963 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306963"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3089",
"datePublished": "2024-03-30T11:31:03.732Z",
"dateReserved": "2024-03-29T14:27:15.069Z",
"dateUpdated": "2024-08-01T19:32:42.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3088 (GCVE-0-2024-3088)
Vulnerability from cvelistv5 – Published: 2024-03-30 11:00 – Updated: 2025-08-27 21:23
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258681 | PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258681"
},
{
"name": "VDB-258681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258681"
},
{
"name": "Submit #306962 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306962"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T17:31:37.994438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:01.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Forgot Password Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/forgot-password.php der Komponente Forgot Password Page. Mittels dem Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T11:00:05.544Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258681 | PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258681"
},
{
"name": "VDB-258681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258681"
},
{
"name": "Submit #306962 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306962"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3088",
"datePublished": "2024-03-30T11:00:05.544Z",
"dateReserved": "2024-03-29T14:27:12.231Z",
"dateUpdated": "2025-08-27T21:23:01.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3087 (GCVE-0-2024-3087)
Vulnerability from cvelistv5 – Published: 2024-03-30 10:31 – Updated: 2024-08-21 22:43
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258680 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258680"
},
{
"name": "VDB-258680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258680"
},
{
"name": "Submit #306961 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306961"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T14:31:12.482917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:43:08.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Ambulance Tracking Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei ambulance-tracking.php der Komponente Ambulance Tracking Page. Durch Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T10:31:04.302Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258680 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258680"
},
{
"name": "VDB-258680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258680"
},
{
"name": "Submit #306961 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306961"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3087",
"datePublished": "2024-03-30T10:31:04.302Z",
"dateReserved": "2024-03-29T14:27:09.331Z",
"dateUpdated": "2024-08-21T22:43:08.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3086 (GCVE-0-2024-3086)
Vulnerability from cvelistv5 – Published: 2024-03-30 09:00 – Updated: 2024-08-12 13:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting
Summary
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258679 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258679"
},
{
"name": "VDB-258679 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258679"
},
{
"name": "Submit #306960 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306960"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T18:42:36.807933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:32:04.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Ambulance Tracking Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei ambulance-tracking.php der Komponente Ambulance Tracking Page. Durch die Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T09:00:04.100Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258679 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258679"
},
{
"name": "VDB-258679 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258679"
},
{
"name": "Submit #306960 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306960"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3086",
"datePublished": "2024-03-30T09:00:04.100Z",
"dateReserved": "2024-03-29T14:27:06.924Z",
"dateUpdated": "2024-08-12T13:32:04.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6310 (GCVE-0-2025-6310)
Vulnerability from nvd – Published: 2025-06-20 05:00 – Updated: 2025-06-20 19:30
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T19:29:59.335852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:30:14.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /index.php. Durch Manipulieren des Arguments Message mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T05:00:20.840Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313310 | PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313310"
},
{
"name": "VDB-313310 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313310"
},
{
"name": "Submit #595917 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595917"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/70"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6310",
"datePublished": "2025-06-20T05:00:20.840Z",
"dateReserved": "2025-06-19T09:48:26.985Z",
"dateUpdated": "2025-06-20T19:30:14.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6309 (GCVE-0-2025-6309)
Vulnerability from nvd – Published: 2025-06-20 05:00 – Updated: 2025-06-20 19:39
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6309",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T19:30:46.658770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:39:56.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /admin/add-ambulance.php. Durch das Manipulieren des Arguments ambregnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T05:00:15.982Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313309 | PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313309"
},
{
"name": "VDB-313309 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313309"
},
{
"name": "Submit #595916 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595916"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/69"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6309",
"datePublished": "2025-06-20T05:00:15.982Z",
"dateReserved": "2025-06-19T09:48:24.426Z",
"dateUpdated": "2025-06-20T19:39:56.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6308 (GCVE-0-2025-6308)
Vulnerability from nvd – Published: 2025-06-20 04:31 – Updated: 2025-06-23 20:20
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6308",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:19:59.914569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:20:20.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/bwdates-request-report-details.php. Mittels Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T04:31:08.550Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-313308 | PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.313308"
},
{
"name": "VDB-313308 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.313308"
},
{
"name": "Submit #595915 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.595915"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/f1rstb100d/myCVE/issues/68"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-19T11:53:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6308",
"datePublished": "2025-06-20T04:31:08.550Z",
"dateReserved": "2025-06-19T09:48:21.652Z",
"dateUpdated": "2025-06-23T20:20:20.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4265 (GCVE-0-2025-4265)
Vulnerability from nvd – Published: 2025-05-05 05:00 – Updated: 2025-05-05 14:34
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
xiguala123 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4265",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:33:29.905290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:34:42.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xiguala123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /admin/contact-us.php. Durch das Manipulieren des Arguments mobnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T05:00:08.791Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-307369 | PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.307369"
},
{
"name": "VDB-307369 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.307369"
},
{
"name": "Submit #562993 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.562993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xiguala123/myCVE/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-04T20:16:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4265",
"datePublished": "2025-05-05T05:00:08.791Z",
"dateReserved": "2025-05-04T18:11:45.455Z",
"dateUpdated": "2025-05-05T14:34:42.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4264 (GCVE-0-2025-4264)
Vulnerability from nvd – Published: 2025-05-05 04:31 – Updated: 2025-05-05 14:56
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection
Summary
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
xiguala123 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4264",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:36:27.151948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:56:22.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xiguala123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/edit-ambulance.php. The manipulation of the argument dconnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/edit-ambulance.php. Mittels Manipulieren des Arguments dconnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T04:31:05.832Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-307368 | PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.307368"
},
{
"name": "VDB-307368 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.307368"
},
{
"name": "Submit #562992 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.562992"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xiguala123/myCVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-04T20:16:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal edit-ambulance.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4264",
"datePublished": "2025-05-05T04:31:05.832Z",
"dateReserved": "2025-05-04T18:11:42.279Z",
"dateUpdated": "2025-05-05T14:56:22.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2060 (GCVE-0-2025-2060)
Vulnerability from nvd – Published: 2025-03-07 02:31 – Updated: 2025-03-10 19:47
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
siznwaa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2060",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T19:45:59.730388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T19:47:15.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "siznwaa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/admin-profile.php. Dank der Manipulation des Arguments contactnumber mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T02:31:05.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298815 | PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298815"
},
{
"name": "VDB-298815 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298815"
},
{
"name": "Submit #514523 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514523"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/siznwaa/CVE/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2060",
"datePublished": "2025-03-07T02:31:05.723Z",
"dateReserved": "2025-03-06T15:39:56.036Z",
"dateUpdated": "2025-03-10T19:47:15.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2059 (GCVE-0-2025-2059)
Vulnerability from nvd – Published: 2025-03-07 02:00 – Updated: 2025-03-10 19:49
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The manipulation of the argument ambulanceregnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
siznwaa (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2059",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T19:48:53.108694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T19:49:03.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "siznwaa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/booking-details.php. The manipulation of the argument ambulanceregnum leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/booking-details.php. Durch Beeinflussen des Arguments ambulanceregnum mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T02:00:08.654Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298814 | PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298814"
},
{
"name": "VDB-298814 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298814"
},
{
"name": "Submit #514522 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514522"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/siznwaa/CVE/issues/4"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2059",
"datePublished": "2025-03-07T02:00:08.654Z",
"dateReserved": "2025-03-06T15:39:53.000Z",
"dateUpdated": "2025-03-10T19:49:03.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2058 (GCVE-0-2025-2058)
Vulnerability from nvd – Published: 2025-03-07 01:31 – Updated: 2025-03-07 16:35
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection
Summary
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
12T4 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2058",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:34:33.496363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:35:35.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "12T4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/search.php. Durch das Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T01:31:05.685Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298813 | PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298813"
},
{
"name": "VDB-298813 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298813"
},
{
"name": "Submit #514462 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514462"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/12T40910/CVE/issues/4"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2058",
"datePublished": "2025-03-07T01:31:05.685Z",
"dateReserved": "2025-03-06T15:39:50.209Z",
"dateUpdated": "2025-03-07T16:35:35.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2057 (GCVE-0-2025-2057)
Vulnerability from nvd – Published: 2025-03-07 01:00 – Updated: 2025-03-07 16:36
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
12T4 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2057",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:36:21.414174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:36:34.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "12T4 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/about-us.php. Durch Manipulieren des Arguments pagedes mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T01:00:09.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298812 | PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298812"
},
{
"name": "VDB-298812 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298812"
},
{
"name": "Submit #514461 | PHPGurukul Emergency Ambulance Hiring Portal V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514461"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/12T40910/CVE/issues/5"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T16:45:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2057",
"datePublished": "2025-03-07T01:00:09.198Z",
"dateReserved": "2025-03-06T15:39:47.829Z",
"dateUpdated": "2025-03-07T16:36:34.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3091 (GCVE-0-2024-3091)
Vulnerability from nvd – Published: 2024-03-30 13:31 – Updated: 2024-08-01 19:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3091",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T15:43:01.574458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:28:07.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258684 | PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.258684"
},
{
"name": "VDB-258684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258684"
},
{
"name": "Submit #306965 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306965"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Search Request Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/search.php of the component Search Request Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258684."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/search.php der Komponente Search Request Page. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T13:31:03.574Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258684 | PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.258684"
},
{
"name": "VDB-258684 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258684"
},
{
"name": "Submit #306965 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306965"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Search Request Page search.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3091",
"datePublished": "2024-03-30T13:31:03.574Z",
"dateReserved": "2024-03-29T14:27:20.757Z",
"dateUpdated": "2024-08-01T19:32:42.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3090 (GCVE-0-2024-3090)
Vulnerability from nvd – Published: 2024-03-30 13:00 – Updated: 2024-08-21 22:42
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting
Summary
A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258683 | PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258683"
},
{
"name": "VDB-258683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258683"
},
{
"name": "Submit #306964 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306964"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3090",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T17:48:49.879815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:42:39.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Ambulance Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/add-ambulance.php of the component Add Ambulance Page. The manipulation of the argument Ambulance Reg No/Driver Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258683."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /admin/add-ambulance.php der Komponente Add Ambulance Page. Durch das Manipulieren des Arguments Ambulance Reg No/Driver Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T13:00:04.772Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258683 | PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258683"
},
{
"name": "VDB-258683 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258683"
},
{
"name": "Submit #306964 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306964"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authsxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Add Ambulance Page add-ambulance.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3090",
"datePublished": "2024-03-30T13:00:04.772Z",
"dateReserved": "2024-03-29T14:27:17.803Z",
"dateUpdated": "2024-08-21T22:42:39.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3089 (GCVE-0-2024-3089)
Vulnerability from nvd – Published: 2024-03-30 11:31 – Updated: 2024-08-01 19:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery
Summary
A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3089",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:27:32.670772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T19:03:11.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258682 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258682"
},
{
"name": "VDB-258682 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258682"
},
{
"name": "Submit #306963 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Request Forgery",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306963"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Manage Ambulance Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/manage-ambulance.php of the component Manage Ambulance Page. The manipulation of the argument del leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258682 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/manage-ambulance.php der Komponente Manage Ambulance Page. Mittels Manipulieren des Arguments del mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T11:31:03.732Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258682 | PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258682"
},
{
"name": "VDB-258682 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258682"
},
{
"name": "Submit #306963 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Request Forgery",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306963"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_csrf.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Manage Ambulance Page manage-ambulance.php cross-site request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3089",
"datePublished": "2024-03-30T11:31:03.732Z",
"dateReserved": "2024-03-29T14:27:15.069Z",
"dateUpdated": "2024-08-01T19:32:42.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3088 (GCVE-0-2024-3088)
Vulnerability from nvd – Published: 2024-03-30 11:00 – Updated: 2025-08-27 21:23
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection
Summary
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258681 | PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258681"
},
{
"name": "VDB-258681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258681"
},
{
"name": "Submit #306962 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306962"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T17:31:37.994438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:23:01.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Forgot Password Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258681 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in PHPGurukul Emergency Ambulance Hiring Portal 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/forgot-password.php der Komponente Forgot Password Page. Mittels dem Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T11:00:05.544Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258681 | PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258681"
},
{
"name": "VDB-258681 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258681"
},
{
"name": "Submit #306962 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306962"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Forgot Password Page forgot-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3088",
"datePublished": "2024-03-30T11:00:05.544Z",
"dateReserved": "2024-03-29T14:27:12.231Z",
"dateUpdated": "2025-08-27T21:23:01.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3087 (GCVE-0-2024-3087)
Vulnerability from nvd – Published: 2024-03-30 10:31 – Updated: 2024-08-21 22:43
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680.
Severity ?
7.3 (High)
7.3 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258680 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258680"
},
{
"name": "VDB-258680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258680"
},
{
"name": "Submit #306961 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306961"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3087",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T14:31:12.482917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:43:08.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Ambulance Tracking Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258680."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in PHPGurukul Emergency Ambulance Hiring Portal 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei ambulance-tracking.php der Komponente Ambulance Tracking Page. Durch Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T10:31:04.302Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258680 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258680"
},
{
"name": "VDB-258680 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258680"
},
{
"name": "Submit #306961 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306961"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rce.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3087",
"datePublished": "2024-03-30T10:31:04.302Z",
"dateReserved": "2024-03-29T14:27:09.331Z",
"dateUpdated": "2024-08-21T22:43:08.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3086 (GCVE-0-2024-3086)
Vulnerability from nvd – Published: 2024-03-30 09:00 – Updated: 2024-08-12 13:32
VLAI?
Title
PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting
Summary
A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | Emergency Ambulance Hiring Portal |
Affected:
1.0
|
Credits
dhabaleshwar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258679 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258679"
},
{
"name": "VDB-258679 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258679"
},
{
"name": "Submit #306960 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.306960"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:emergency_ambulance_hiring_portal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emergency_ambulance_hiring_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T18:42:36.807933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:32:04.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Ambulance Tracking Page"
],
"product": "Emergency Ambulance Hiring Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dhabaleshwar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679."
},
{
"lang": "de",
"value": "In PHPGurukul Emergency Ambulance Hiring Portal 1.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei ambulance-tracking.php der Komponente Ambulance Tracking Page. Durch die Manipulation des Arguments searchdata mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-30T09:00:04.100Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258679 | PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258679"
},
{
"name": "VDB-258679 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258679"
},
{
"name": "Submit #306960 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.306960"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-29T15:32:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Emergency Ambulance Hiring Portal Ambulance Tracking Page ambulance-tracking.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3086",
"datePublished": "2024-03-30T09:00:04.100Z",
"dateReserved": "2024-03-29T14:27:06.924Z",
"dateUpdated": "2024-08-12T13:32:04.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}