SQL Injection Vulnerability in PHPGurukul Human Metapneumovirus Testing Management System
CVE-2025-2372

7.3HIGH

Key Information:

Vendor: PHPGurukul
Status: Human Metapneumovirus Testing Management System
Vendor: CVE Published:; 17 March 2025

Summary

A security flaw has been identified in the password recovery component of PHPGurukul's Human Metapneumovirus Testing Management System version 1.0. The vulnerability resides in the /password-recovery.php file, where improper handling of the 'username' parameter can lead to SQL injection attacks. This flaw allows attackers to execute arbitrary SQL commands through a crafted request, potentially compromising the integrity of the database and leading to unauthorized access. As this vulnerability can be exploited remotely, it emphasizes the need for immediate remediation and security best practices to safeguard sensitive user data.

References

https://github.com/SECWG/cve/issues/5

https://phpgurukul.com/

https://vuldb.com/?ctiid.299871

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025