Phpgurukul ≫ Client Management System

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice p...

Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.

Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter.

SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter.

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters.

Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname" parameter.

Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.

Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.