SQL Injection Vulnerability in PHPGurukul Curfew e-Pass Management System 1.0
CVE-2025-2381
7.3HIGH
Key Information:
- Vendor
- PHPGurukul
- Vendor
- CVE Published:
- 17 March 2025
Summary
A vulnerability has been identified in the PHPGurukul Curfew e-Pass Management System 1.0, specifically within the /admin/search-pass.php file. This vulnerability allows attackers to manipulate the searchdata input, which can lead to SQL injection. The vulnerability can be exploited remotely, posing a significant risk to users of this software. The details of this exploit have been publicly disclosed, highlighting the need for users to assess their security measures.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published