SQL Injection Vulnerability in PHPGurukul Complaint Management System 2.0
CVE-2025-5659
5.3MEDIUM
What is CVE-2025-5659?
A SQL injection vulnerability has been identified in the PHPGurukul Complaint Management System 2.0 that compromises the security of the application. The issue resides in the file /user/profile.php, where the manipulation of the 'pincode' parameter can allow attackers to execute arbitrary SQL commands. This vulnerability can be exploited remotely, potentially exposing sensitive data and compromising system integrity. It is crucial for users and administrators to implement immediate security measures to protect against this threat.
Affected Version(s)
Complaint Management System 2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.