SQL Injection Vulnerability in PHPGurukul Billing System by PHPGurukul
CVE-2025-65379

6.5MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Billing System
Vendor: CVE Published:; 2 December 2025

What is CVE-2025-65379?

The PHPGurukul Billing System version 1.0 contains a SQL Injection vulnerability located in the /admin/password-recovery.php endpoint. This vulnerability arises from the unvalidated acceptance of user inputs through the username and mobileno parameters. Malicious actors can exploit this flaw by injecting SQL code into these parameters, leading to unauthorized access to sensitive data and potential compromise of the database.

References

https://phpgurukul.com/billing-system-using-php-and-mysql/

https://github.com/dewcode91/security-research/blob/main/...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 2, 2025
Vulnerability Reserved
Nov 18, 2025

JSON