SQL Injection Vulnerability in PHPGurukul e-Diary Management System
CVE-2025-4508
What is CVE-2025-4508?
The e-Diary Management System by PHPGurukul is vulnerable to SQL injection because user-supplied input in the file /my-profile.php is not adequately validated. Specifically, the 'fname' argument can be manipulated, allowing a remote attacker to execute arbitrary SQL commands. Beyond compromising the integrity of the database, other parameters within the application may also be affected. Because the exploit has been publicly disclosed and may be actively exploited, mitigating measures should be applied promptly.
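To make the class of defect concrete, here is an added example of a hypothetical profile-update handler; it is not code from the e-Diary Management System or from PHPGurukul. It shows the unsafe pattern in which a `fname` form field is spliced into the SQL text, followed by the same handler rewritten with a mysqli prepared statement and a basic input check. The table name `users`, the columns `id` and `first_name`, the function names and the session layout are all assumptions made for the illustration.

```php
<?php
// Added example, not PHPGurukul code. Hypothetical profile-update handler.
// Table `users` with columns `id` and `first_name` is an assumption for illustration.

// --- Unsafe pattern: user input is spliced straight into the SQL text. ---
// Any quote or SQL syntax inside $_POST['fname'] becomes part of the statement,
// which is the kind of defect CVE-2025-4508 describes for /my-profile.php.
function updateFirstNameUnsafe(mysqli $db, int $userId, array $post): bool
{
    $fname = $post['fname'] ?? '';
    $sql = "UPDATE users SET first_name = '" . $fname . "' WHERE id = " . $userId;
    return $db->query($sql) === true;
}

// --- Hardened pattern: prepared statement with bound parameters. ---
// The SQL text is fixed at prepare time; the value travels separately and
// cannot alter the statement's structure whatever it contains.
function updateFirstNameSafe(mysqli $db, int $userId, array $post): bool
{
    $fname = trim((string)($post['fname'] ?? ''));

    // Input validation on top of parameterisation: reject values that make no
    // sense for a first name (the length bound is chosen for the example).
    if ($fname === '' || mb_strlen($fname) > 60) {
        return false;
    }

    $stmt = $db->prepare('UPDATE users SET first_name = ? WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $fname, $userId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumes a logged-in user id in the session and a mysqli connection;
// the credentials below are placeholders, not real values):
// session_start();
// $db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
// $ok = updateFirstNameSafe($db, (int)$_SESSION['user_id'], $_POST);
```

The same rewrite should be applied to every other field the handler writes to the database, since the advisory notes that parameters other than 'fname' may be affected. Enabling `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` during development also turns a failed `prepare` or `execute` into an exception, so a malformed or tampered request is logged rather than silently ignored.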
Affected Version(s)
e-Diary Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
CVSS V4
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved