← Back

Small Crm

small_crm

Vendor: Phpgurukul • 19 CVEs

CVEs (19)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-15390
1Phpgurukul
1Small Crm
Apr 29, 2026
Dec 31, 2025
2.1 LOW· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack r...Show more
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2024-44648
1Phpgurukul
1Small Crm
Nov 19, 2025
Nov 17, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.
CVE-2024-44647
1Phpgurukul
1Small Crm
Nov 19, 2025
Nov 17, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.
CVE-2024-44644
1Phpgurukul
1Small Crm
Nov 19, 2025
Nov 17, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.
CVE-2024-44641
1Phpgurukul
1Small Crm
Nov 19, 2025
Nov 17, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.
CVE-2025-11053
1Phpgurukul
1Small Crm
Apr 29, 2026
Sep 27, 2025
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be lau...Show more
A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.Show less
CVE-2025-10664
1Phpgurukul
1Small Crm
Apr 29, 2026
Sep 18, 2025
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be lau...Show more
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-10114
1Phpgurukul
1Small Crm
Apr 29, 2026
Sep 9, 2025
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be laun...Show more
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.Show less
CVE-2025-10079
1Phpgurukul
1Small Crm
Apr 29, 2026
Sep 8, 2025
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The atta...Show more
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.Show less
CVE-2025-9834
1Phpgurukul
1Small Crm
Apr 29, 2026
Sep 2, 2025
2.0 LOW· v4
5.4 MEDIUM· v3
4.0 MEDIUM· v2
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It...Show more
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.Show less
CVE-2025-50484
1Phpgurukul
1Small Crm
Aug 7, 2025
Jul 28, 2025
N/A· v4
7.1 HIGH· v3
N/A· v2
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
CVE-2025-5227
1Phpgurukul
1Small Crm
Jun 10, 2025
May 27, 2025
6.9 MEDIUM· v4
7.3 HIGH· v3
7.5 HIGH· v2
A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql in...Show more
A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2025-5226
1Phpgurukul
1Small Crm
Jun 10, 2025
May 27, 2025
6.9 MEDIUM· v4
7.3 HIGH· v3
7.5 HIGH· v2
A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql...Show more
A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2024-48170
1Phpgurukul
1Small Crm
Feb 18, 2025
Feb 10, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php.
CVE-2024-13001
1Phpgurukul
1Small Crm
Apr 3, 2025
Dec 29, 2024
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It i...Show more
A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-13000
1Phpgurukul
1Small Crm
Feb 18, 2025
Dec 29, 2024
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injectio...Show more
A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-12999
1Phpgurukul
1Small Crm
Feb 18, 2025
Dec 29, 2024
5.3 MEDIUM· v4
9.8 CRITICAL· v3
6.5 MEDIUM· v2
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection....Show more
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-3691
1Phpgurukul
1Small Crm
Feb 18, 2025
Apr 12, 2024
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql inject...Show more
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.Show less
CVE-2024-3690
1Phpgurukul
1Small Crm
Feb 18, 2025
Apr 12, 2024
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection....Show more
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.Show less