Path Traversal Vulnerability in PHPGurukul Online Nurse Hiring System
CVE-2025-1588

6.9MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Online Nurse Hiring System
Vendor: CVE Published:; 23 February 2025

Badges

👾 Exploit Exists

What is CVE-2025-1588?

The PHPGurukul Online Nurse Hiring System 1.0 is vulnerable to path traversal attacks due to improper validation of input parameters in the /admin/manage-nurse.php file. An attacker can exploit this vulnerability remotely by manipulating the profilepic argument, allowing access to restricted directories such as '../filedir'. This can lead to unauthorized file access and potential data leakage. Awareness of this vulnerability is crucial for users of the system to implement necessary security measures.

Affected Version(s)

Online Nurse Hiring System 1.0

References

https://vuldb.com/?id.296572

vdb-entrytechnical-description

https://vuldb.com/?ctiid.296572

signaturepermissions-required

https://vuldb.com/?submit.505441

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 23, 2025
Vulnerability published
Feb 23, 2025
Vulnerability Reserved
Feb 22, 2025

PHPgurukul

Badges

What is CVE-2025-1588?

Affected Version(s)

References

CVSS V4

Timeline