SQL Injection Vulnerability in PHPGurukul Apartment Visitors Management System
CVE-2025-4505
What is CVE-2025-4505?
PHPGurukul Apartment Visitors Management System 1.0 contains a SQL injection vulnerability in the /category.php file. The 'categoryname' parameter is insufficiently validated, which allows attackers to execute arbitrary SQL queries, potentially leading to data manipulation or retrieval. The vulnerability can be exploited remotely, which raises significant security concerns for users relying on this system to manage apartment visitor records.
Affected Version(s)
Apartment Visitors Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved