Directory Traversal Vulnerability in PHPGurukul Pre-School Enrollment System
CVE-2025-28072

7.5HIGH

Key Information:

Vendor: PHPGurukul
Status: Pre-School Enrollment System
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-28072?

The PHPGurukul Pre-School Enrollment System is susceptible to a directory traversal vulnerability in the manage-teachers.php component. This issue allows unauthorized users to gain access to sensitive files outside of the intended directory structure, potentially leading to data exposure or manipulation. Proper input validation and sanitization measures should be implemented to mitigate this risk and ensure system integrity.

References

https://github.com/baixiaobi/TST/blob/main/README.md

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025