SQL Injection Vulnerability in PHPGurukul Curfew e-Pass Management System
CVE-2025-4113
Key Information:
- Vendor
PHPgurukul
- Vendor
- CVE Published:
- 30 April 2025
Badges
What is CVE-2025-4113?
A vulnerability exists in the PHPGurukul Curfew e-Pass Management System version 1.0, caused by improper handling of the 'editid' parameter in the /admin/edit-pass-detail.php file. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access and data manipulation. The exploitation of this vulnerability can be performed remotely, making it essential for users to implement protective measures promptly.
Affected Version(s)
Curfew e-Pass Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved