SQL Injection Vulnerability in PHPGurukul Curfew e-Pass Management System 1.0
CVE-2025-2381

7.3HIGH

Key Information:

Vendor
PHPGurukul
Status
Curfew e-Pass Management System
Vendor
CVE Published:
17 March 2025

Summary

A vulnerability has been identified in the PHPGurukul Curfew e-Pass Management System 1.0, specifically within the /admin/search-pass.php file. This vulnerability allows attackers to manipulate the searchdata input, which can lead to SQL injection. The vulnerability can be exploited remotely, posing a significant risk to users of this software. The details of this exploit have been publicly disclosed, highlighting the need for users to assess their security measures.

References

https://github.com/aionman/cve/issues/4
https://phpgurukul.com/
https://vuldb.com/?ctiid.299880

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.