SQL Injection Vulnerability in PHPGurukul Complaint Management System 2.0
CVE-2025-5655
5.3MEDIUM
What is CVE-2025-5655?
A SQL injection vulnerability has been identified in the PHPGurukul Complaint Management System version 2.0, specifically impacting the /admin/edit-subcategory.php file. By manipulating the 'subcategory' argument, an attacker could execute malicious SQL commands resulting in unauthorized access or data manipulation. The exploit can be initiated remotely, posing significant risks. Public disclosure of this vulnerability may lead to increased attempts to exploit the flaw, making it crucial for users to apply necessary security measures.
Affected Version(s)
Complaint Management System 2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.