SQL Injection Vulnerability in PHPGurukul Online Banquet Booking System
CVE-2025-2382

7.3HIGH

Key Information:

Vendor: PHPGurukul
Status: Online Banquet Booking System
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-2382?

A vulnerability has been identified in the PHPGurukul Online Banquet Booking System version 1.0, specifically affecting the /admin/booking-search.php file. This issue arises due to improper handling of user input in the searchdata parameter, enabling attackers to execute SQL injection attacks. Remote exploitation of this vulnerability is possible, posing a serious threat to the integrity and security of application data. It is important for users of this software to be aware of this risk and take appropriate measures to secure their systems.

References

https://github.com/aionman/cve/issues/5

https://phpgurukul.com/

https://vuldb.com/?ctiid.299881

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025