SQL Injection Vulnerability in PHPGurukul Curfew e-Pass Management System 1.0
CVE-2025-2381

9.8CRITICAL

Key Information:

Vendor: PHPGurukul
Status: Curfew e-Pass Management System
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-2381?

A vulnerability has been identified in the PHPGurukul Curfew e-Pass Management System 1.0, specifically within the /admin/search-pass.php file. This vulnerability allows attackers to manipulate the searchdata input, which can lead to SQL injection. The vulnerability can be exploited remotely, posing a significant risk to users of this software. The details of this exploit have been publicly disclosed, highlighting the need for users to assess their security measures.

References

https://github.com/aionman/cve/issues/4

https://phpgurukul.com/

https://vuldb.com/?ctiid.299880

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025