SQL Injection Vulnerability in PHPGurukul Human Metapneumovirus Testing Management System
CVE-2025-2373

8.8HIGH

Key Information:

Vendor: PHP Gurukul
Status: Human Metapneumovirus Testing Management System
Vendor: CVE Published:; 17 March 2025

Summary

A vulnerability exists in the PHPGurukul Human Metapneumovirus Testing Management System that allows attackers to exploit the '/check_availability.php' file through crafted input parameters such as 'mobnumber' or 'employeeid'. This SQL injection vulnerability facilitates unauthorized access to the database, potentially compromising sensitive information. Given that the attack can be executed remotely, it poses a significant risk to organizations utilizing this system. Immediate attention and mitigation strategies are recommended to safeguard data integrity.

References

https://github.com/SECWG/cve/issues/6

https://phpgurukul.com/

https://vuldb.com/?ctiid.299872

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025