EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.

XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.