📦 Small CRM
by PHPGurukul
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2025-11053 is a SQL injection vulnerability in PHPGurukul Small CRM 4.0's password reset function. Attackers can exploit the 'email' parameter in /forgot-password.php to execute arbitrary SQL comm...
CVE-2025-10664 is a SQL injection vulnerability in PHPGurukul Small CRM 4.0 that allows remote attackers to execute arbitrary SQL commands via the 'subject' parameter in create-ticket.php. This affect...
This vulnerability allows attackers to hijack user sessions in PHPGurukul Small CRM v3.0 by exploiting improper session invalidation in the password change functionality. Attackers can maintain access...
This critical SQL injection vulnerability in PHPGurukul Small CRM 3.0 allows remote attackers to execute arbitrary SQL commands via the 'aremark' parameter in /admin/manage-tickets.php. Successful exp...
This vulnerability in PHPGurukul Small CRM 4.0 allows unauthorized access to the edit-user.php admin function, enabling attackers to modify user accounts without proper authentication. It affects all ...
PHPGurukul Small CRM 3.0 contains a stored cross-site scripting vulnerability in the ticket management system. Attackers can inject malicious scripts via the 'aremark' parameter in manage-tickets.php,...
PHPGurukul Small CRM 3.0 contains SQL injection vulnerabilities in the quote-details.php file via id and adminremark parameters. This allows attackers to execute arbitrary SQL commands on the database...
PHPGurukul Small CRM 3.0 contains a SQL injection vulnerability in the change-password.php file via the oldpass parameter. This allows attackers to execute arbitrary SQL commands on the database. Orga...
PHPGurukul Small CRM 3.0 contains a SQL injection vulnerability in the manage-tickets.php file through the frm_id and aremark parameters. This allows attackers to execute arbitrary SQL commands on the...
This vulnerability allows remote attackers to execute SQL injection attacks via the email parameter in PHPGurukul Small CRM 1.0's admin/index.php file. Attackers can potentially access, modify, or del...
This vulnerability allows remote attackers to execute arbitrary SQL commands via the 'id' parameter in the /admin/edit-user.php file in PHPGurukul Small CRM 1.0. Attackers can potentially access, modi...