SQL Injection Vulnerability in PHPGurukul Zoo Management System 2.1
CVE-2025-6930
5.3MEDIUM
Key Information:
- Vendor
PHPgurukul
- Status
- Vendor
- CVE Published:
- 30 June 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-6930?
A SQL injection vulnerability has been identified in the PHPGurukul Zoo Management System version 2.1, specifically within the /admin/manage-foreigners-ticket.php file. The vulnerability arises from improper handling of the ID parameter, allowing attackers to manipulate database queries. This flaw can be exploited remotely, potentially leading to unauthorized access to sensitive information stored in the database. Public disclosure of the exploit has raised concerns regarding the security of systems utilizing this software.
Affected Version(s)
Zoo Management System 2.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.