SQL Injection Vulnerability in PHPGurukul Online Marriage Registration System
CVE-2025-4927
What is CVE-2025-4927?
A SQL injection vulnerability has been identified in the PHPGurukul Online Marriage Registration System version 1.0, specifically within the file /admin/between-dates-application-report.php. This flaw arises due to improper handling of user-supplied input parameters, specifically 'fromdate' and 'todate.' By manipulating these parameters, an attacker can execute arbitrary SQL queries against the underlying database. This vulnerability allows for remote exploitation, making it a significant security concern. The exploit has been publicly disclosed, increasing the urgency for affected users to implement remediation strategies promptly.
Affected Version(s)
Online Marriage Registration System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved