SQL Injection Vulnerability in PHPGurukul Hostel Management System by PHPGurukul
CVE-2025-6153
Key Information:
- Vendor
PHPgurukul
- Status
- Vendor
- CVE Published:
- 17 June 2025
Badges
What is CVE-2025-6153?
A significant SQL injection vulnerability exists in the PHPGurukul Hostel Management System version 1.0, specifically affecting the /admin/students.php file. This vulnerability arises from improper handling of the 'search_box' parameter, allowing attackers to manipulate SQL queries and gain unauthorized access to the database. The exploit can be executed remotely, potentially exposing sensitive data and compromising system integrity. It's crucial for users of this product to apply security patches and follow best practices to mitigate risks associated with this vulnerability.
Affected Version(s)
Hostel Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved