SQL Injection Vulnerability in RashminDungrani Online Banking
CVE-2025-14192

6.9MEDIUM

Key Information:

Vendor

Rashmindungrani

Status
Online-banking
Vendor
CVE Published:
7 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-14192?

A vulnerability discovered in RashminDungrani's online banking system allows for SQL injection via manipulation of the Username parameter in the auth_login.php file. This security flaw can be exploited remotely, posing significant risks to user data and authentication processes. The vulnerability is particularly concerning as it affects a pivotal component of the authentication mechanism, enabling potential unauthorized access to sensitive information. Continuous rolling releases have left the details on versions affected unclear, and communication attempts with the vendor regarding this issue have gone unanswered.

Affected Version(s)

online-banking 2337ad552ea9d385b4e07b90e6f32d011b7c68a2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14192 - Proof of Concept

References

https://vuldb.com/?id.334612
vdb-entrytechnical-description
https://vuldb.com/?ctiid.334612
signaturepermissions-required
https://vuldb.com/?submit.699237
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Brill (VulDB User)
JSON
.
CVE-2025-14192 : SQL Injection Vulnerability in RashminDungrani Online Banking