SQL Injection Vulnerability in PHPGurukul Daily Expense Tracker System
CVE-2025-4907
6.9MEDIUM
What is CVE-2025-4907?
A vulnerability exists in the PHPGurukul Daily Expense Tracker System, specifically in the forgot-password.php file. This security flaw allows an attacker to manipulate the email argument, leading to potential SQL injection attacks. Such vulnerabilities can be exploited remotely, enabling unauthorized access to sensitive database information. This issue has been publicly disclosed, highlighting the need for immediate attention and remediation by users and administrators of the affected versions.
Affected Version(s)
Daily Expense Tracker System 1.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.