SQL Injection Vulnerability in PHPGurukul Credit Card Application Management System
CVE-2025-4941

6.9 MEDIUM

Key Information:

Vendor

PHPgurukul

CVE Published:
19 May 2025

Badges

📈 Score: 878 | 👾 Exploit Exists | 🟡 Public PoC

What is CVE-2025-4941?

CVE-2025-4941 refers to a critical SQL injection vulnerability identified in the PHPGurukul Credit Card Application Management System version 1.0. This software is designed to manage credit card applications through a structured workflow and exposes a range of functions to its users. The vulnerability resides in a function of the administrative interface located at /admin/index.php, where an attacker can manipulate the input parameter 'Username'. Because the parameter's value reaches an SQL statement without proper separation from the query text, a remote, unauthenticated attacker can inject SQL and execute arbitrary queries against the application's database. Given that the system handles credit card applications, successful exploitation could have severe consequences, including access to sensitive financial information and potentially extensive data manipulation.
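The page does not reproduce the vulnerable function, so the following is an added illustration and not code from the PHPGurukul project: a hypothetical admin login handler written in the injectable style the advisory describes (the Username value concatenated into the SQL text), beside a rewrite that binds the value as a parameter. The table and column names (tbladmin, UserName, PasswordHash), the PDO connection and the in-memory SQLite database are assumptions chosen so that the script runs offline; the demonstration deliberately uses no exploit payload, only a username containing an apostrophe, which is enough to show whether input can reach the SQL parser.

```php
<?php
// Added example, not the PHPGurukul project's code. Table/column names and the
// SQLite backing store are placeholders (requires the pdo_sqlite extension).

function login_vulnerable(PDO $pdo, string $username, string $password): ?array
{
    // Vulnerable pattern: the username is spliced into the query text, so any
    // SQL metacharacter in it changes the structure of the statement.
    $sql = "SELECT ID, UserName, PasswordHash FROM tbladmin "
         . "WHERE UserName = '" . $username . "'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return null;
    }
    unset($row['PasswordHash']);
    return $row;
}

function login_fixed(PDO $pdo, string $username, string $password): ?array
{
    // Hardened pattern: the statement text is constant and the username is
    // sent as a bound parameter, so it is always treated as data.
    $stmt = $pdo->prepare(
        'SELECT ID, UserName, PasswordHash FROM tbladmin WHERE UserName = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return null;
    }
    unset($row['PasswordHash']);
    return $row;
}

// Constructed in-memory database with one admin account (placeholder values).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side binding
$pdo->exec('CREATE TABLE tbladmin (ID INTEGER PRIMARY KEY, UserName TEXT, PasswordHash TEXT)');
$ins = $pdo->prepare('INSERT INTO tbladmin (UserName, PasswordHash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('S3cret!', PASSWORD_DEFAULT)]);

// A username containing an apostrophe is ordinary data for the fixed version
// but breaks the vulnerable query, proving the input reaches the SQL parser.
$probe = function (callable $login) use ($pdo): string {
    try {
        $r = $login($pdo, "O'Brien", 'wrong-password');
        return $r === null ? 'no match (input treated as data)' : 'matched';
    } catch (PDOException $e) {
        return 'query broke: ' . $e->getMessage();
    }
};
echo 'vulnerable: ', $probe('login_vulnerable'), PHP_EOL;
echo 'fixed:      ', $probe('login_fixed'), PHP_EOL;
echo 'fixed, valid login: ', json_encode(login_fixed($pdo, 'admin', 'S3cret!')), PHP_EOL;
```

The point of the probe is that a syntax error on a harmless apostrophe is the same signal an attacker would use to confirm injectability, so a database error surfacing from a login form is worth treating as a finding in itself; the hardened variant returns a plain "no match" for the same input, and only the parameterized query should remain once the fix is applied.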

Potential impact of CVE-2025-4941

  1. Unauthorized Data Access: The SQL injection vulnerability allows attackers to pull sensitive information from the database, potentially exposing personal and financial data of users. This can lead to identity theft, financial fraud, and breaches of privacy.

  2. Data Integrity Compromise: Attackers could manipulate or delete critical data within the system, disrupting normal operations and affecting the integrity of the information managed by the application. Damage to data credibility can harm trust and reputation for organizations utilizing the system.

  3. Increased Risk of Malware Deployment: Given the critical nature of this vulnerability, it opens the door for attackers to deploy additional payloads or malware within the affected systems, which could lead to broader compromises including ransomware attacks and systemic failures.

Affected Version(s)

Credit Card Application Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

girishbo (VulDB User)