SQL Injection Vulnerability in PHPGurukul Online Banquet Booking System
CVE-2025-2382
7.3HIGH
Key Information:
- Vendor
- PHPGurukul
- Vendor
- CVE Published:
- 17 March 2025
Summary
A vulnerability has been identified in the PHPGurukul Online Banquet Booking System version 1.0, specifically affecting the /admin/booking-search.php file. This issue arises due to improper handling of user input in the searchdata parameter, enabling attackers to execute SQL injection attacks. Remote exploitation of this vulnerability is possible, posing a serious threat to the integrity and security of application data. It is important for users of this software to be aware of this risk and take appropriate measures to secure their systems.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published