SQL Injection Vulnerability in PHPGurukul COVID19 Testing Management System
CVE-2025-3973

6.9MEDIUM

Key Information:

Vendor: PHPgurukul
Status: Covid19 Testing Management System
Vendor: CVE Published:; 27 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3973?

A SQL injection vulnerability has been identified in PHPGurukul's COVID19 Testing Management System version 1.0. This issue arises in the /check_availability.php file, specifically through the manipulation of the 'mobnumber' parameter. This vulnerability allows for remote exploitation, potentially compromising the integrity of the system's database. The public disclosure of this exploit raises significant security concerns, as additional parameters may also be susceptible to similar injection attacks.

Affected Version(s)

COVID19 Testing Management System 1.0

References

https://vuldb.com/?id.306309

vdb-entrytechnical-description

https://vuldb.com/?ctiid.306309

signaturepermissions-required

https://vuldb.com/?submit.557393

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 27, 2025
Vulnerability published
Apr 27, 2025
Vulnerability Reserved
Apr 26, 2025

Credit

l0ners (VulDB User)

PHPgurukul