SQL Injection Vulnerability in Student Record System by PHP Gurukul
CVE-2024-27685

7.1HIGH

Key Information:

Vendor: PHP Gurukul
Status: Student Record System
Vendor: CVE Published:; 25 June 2025

🔔 Create PHP Gurukul Vulnerability Alert

What is CVE-2024-27685?

A SQL Injection vulnerability exists in the Student Record System using PHP and MySQL version 3.20. This flaw may allow remote attackers to exploit the system by sending crafted payloads that manipulate the $cshortname, $cfullname, and $cdate variables. Such attacks can lead to unauthorized access to sensitive information stored within the database, posing significant risks to the database's integrity and confidentiality. Organizations utilizing this system are encouraged to evaluate their installations and apply necessary mitigations.

References

https://phpgurukul.com/student-record-system-php/

https://medium.com/@cnetsec/a-sql-injection-vulnerability...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Feb 26, 2024