SQL Injection Vulnerability in PHPGurukul Notice Board System
CVE-2025-5638
Key Information:
- Vendor: PHPgurukul
- Status
- CVE Published: 5 June 2025
What is CVE-2025-5638?
PHPGurukul Notice Board System 1.0 contains a SQL injection vulnerability in the /admin-profile.php file. Manipulating the 'mobilenumber' argument lets an attacker execute arbitrary SQL queries. The flaw can be exploited remotely, which puts the integrity of the database at significant risk and may expose sensitive information. Other parameters in this functionality may also be vulnerable, raising concerns about the overall security of the application.
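The example below is added here for illustration and is not the vendor's code: it contrasts a concatenated UPDATE on a 'mobilenumber' value with a validated, parameterized one. The table and column names (tbladmin, AdminName, MobileNumber), the function names and the in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example. Schema and function names are hypothetical; an in-memory
// SQLite database stands in for the application's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbladmin (ID INTEGER PRIMARY KEY, AdminName TEXT, MobileNumber TEXT)");
$db->exec("INSERT INTO tbladmin VALUES (1, 'Admin', '5550100000')");

// Vulnerable pattern: the request value is concatenated into the statement,
// so a quote inside it ends the string literal and the rest is parsed as SQL.
function updateMobileUnsafe(PDO $db, int $adminId, string $mobile): void
{
    $db->exec("UPDATE tbladmin SET MobileNumber='$mobile' WHERE ID=$adminId");
}

// Hardened pattern: enforce the expected format, then bind the value as a
// parameter so it can only ever be treated as data.
function updateMobileSafe(PDO $db, int $adminId, string $mobile): bool
{
    if (!preg_match('/^\+?[0-9]{7,15}$/D', $mobile)) {
        return false; // not a phone number: reject before touching the database
    }
    $stmt = $db->prepare('UPDATE tbladmin SET MobileNumber = :mobile WHERE ID = :id');
    $stmt->execute([':mobile' => $mobile, ':id' => $adminId]);
    return $stmt->rowCount() === 1;
}

function adminRow(PDO $db): array
{
    return $db->query('SELECT AdminName, MobileNumber FROM tbladmin WHERE ID = 1')
              ->fetch(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote, as a tampered form field would.
$crafted = "5550100001', AdminName='overwritten";

// Concatenated query: a column the form never exposed is modified as well.
updateMobileUnsafe($db, 1, $crafted);
print_r(adminRow($db));

// Reset the row, then send the same input and a well-formed one to the hardened path.
$db->exec("UPDATE tbladmin SET AdminName='Admin', MobileNumber='5550100000' WHERE ID=1");
var_dump(updateMobileSafe($db, 1, $crafted));
var_dump(updateMobileSafe($db, 1, '5550100002'));
print_r(adminRow($db));
```

Because the description notes that other parameters in the same functionality may be affected, the same binding and validation would need to be applied to every field the profile form submits, not only 'mobilenumber'.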
Affected Version(s)
Notice Board System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.