SQL Injection Vulnerability in PHPGurukul Time Table Generator System
CVE-2025-3168

6.9MEDIUM

Key Information:

Vendor
PHPgurukul
Status
Time Table Generator System
Vendor
CVE Published:
3 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A SQL injection vulnerability exists in the PHPGurukul Time Table Generator System 1.0, specifically within the /admin/edit-class.php file. This vulnerability allows an attacker to manipulate the argument 'editid', potentially enabling unauthorized access to the database and extraction of sensitive information. The exploit can be executed remotely, highlighting the need for immediate attention and remediation to protect user data and maintain system integrity.

Affected Version(s)

Time Table Generator System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3168 - Proof of Concept

References

https://vuldb.com/?id.303127
vdb-entrytechnical-description
https://vuldb.com/?ctiid.303127
signaturepermissions-required
https://vuldb.com/?submit.543172
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

pyj2cve (VulDB User)
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.