PT-2025-9619 · Unknown · Phpgurukul Student Record System

Panghuanjie66

Publicado

2025-03-04

Atualizado

2025-03-05

CVE-2025-1902

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.2

Description A critical issue has been discovered, affecting the /password-recovery.php file, where manipulation of the emailid argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For PHPGurukul Student Record System version 3.2, consider restricting access to the /password-recovery.php file until a fix is available, and avoid using the emailid argument in this context to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-1902

Produtos afetados

Phpgurukul Student Record System

PT-2025-9619 · Unknown · Phpgurukul Student Record System

CVE-2025-1902

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14