SQL Injection Vulnerability in PHPGurukul Human Metapneumovirus Testing Management System
CVE-2025-2372
7.3HIGH
Key Information:
- Vendor
- PHPGurukul
- Vendor
- CVE Published:
- 17 March 2025
Summary
A security flaw has been identified in the password recovery component of PHPGurukul's Human Metapneumovirus Testing Management System version 1.0. The vulnerability resides in the /password-recovery.php file, where improper handling of the 'username' parameter can lead to SQL injection attacks. This flaw allows attackers to execute arbitrary SQL commands through a crafted request, potentially compromising the integrity of the database and leading to unauthorized access. As this vulnerability can be exploited remotely, it emphasizes the need for immediate remediation and security best practices to safeguard sensitive user data.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published