Remote Code Execution Risk in PHPGurukul Land Record System
CVE-2025-25356
7.2HIGH
Summary
The PHPGurukul Land Record System version 1.0 contains a SQL Injection vulnerability located in the /admin/bwdates-reports-details.php file. This security flaw permits remote attackers to execute arbitrary SQL code, potentially manipulating the database. The vulnerability arises from inadequate validation of user input, particularly with the 'todate' parameter in POST requests. Exploitation of this flaw can lead to unauthorized access and control over sensitive data, highlighting the need for immediate remediation in web applications.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved