SQL Injection Vulnerability in PHPGurukul Human Metapneumovirus Testing Management System
CVE-2025-2372

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Human Metapneumovirus Testing Management System
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-2372?

A security flaw has been identified in the password recovery component of PHPGurukul's Human Metapneumovirus Testing Management System version 1.0. The vulnerability resides in the /password-recovery.php file, where improper handling of the 'username' parameter can lead to SQL injection attacks. This flaw allows attackers to execute arbitrary SQL commands through a crafted request, potentially compromising the integrity of the database and leading to unauthorized access. As this vulnerability can be exploited remotely, it emphasizes the need for immediate remediation and security best practices to safeguard sensitive user data.

References

https://github.com/SECWG/cve/issues/5

https://phpgurukul.com/

https://vuldb.com/?ctiid.299871

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025