SQL Injection Vulnerability in PHPGurukul Zoo Management System
CVE-2025-6929
Key Information:
- Vendor: PHPGurukul
- CVE Published: 30 June 2025
What is CVE-2025-6929?
A SQL injection vulnerability exists in the PHPGurukul Zoo Management System version 2.1. This vulnerability is triggered by improper handling of the 'viewid' parameter in the /admin/view-normal-ticket.php file. By exploiting this flaw, an attacker can execute malicious SQL queries that may compromise the application's database. The attack can be initiated remotely, increasing the risk of unauthorized access to sensitive information. Given that this exploit has been publicly disclosed, it poses a significant security threat to systems running this version of the software.
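One way to handle an identifier parameter such as 'viewid' so that it cannot alter the query, shown as an added example that is not PHPGurukul's code or a vendor patch. The request value is accepted only as a positive integer and is then bound to a prepared statement instead of being placed in the SQL text. The `tickets` table, its columns, the helper names and the in-memory SQLite database are assumptions made so the example runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept viewid only if it is a positive integer.
function parse_view_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (viewid[]=...) and other types are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup: the value is bound as a parameter, never concatenated.
function fetch_ticket(PDO $db, mixed $rawViewId): ?array
{
    $id = parse_view_id($rawViewId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, visitor, adults FROM tickets WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data (assumed schema, not the application's own).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, visitor TEXT, adults INTEGER)');
$db->exec("INSERT INTO tickets (visitor, adults) VALUES ('Sample Visitor A', 2), ('Sample Visitor B', 1)");

// Constructed inputs standing in for $_GET['viewid'].
foreach (['2', '2abc', '1 OR 1=1', '', ['2']] as $input) {
    $row = fetch_ticket($db, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? 'ticket #' . $row['id'] : 'rejected or not found');
}
```

Only the first input returns a row; every value that is not a plain positive integer is rejected before any SQL is executed.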
Affected Version(s)
Zoo Management System 2.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.