CVE-2025-2382

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Banquet Booking System version 1.0

Description A critical vulnerability was found in the PHPGurukul Online Banquet Booking System. The issue affects an unknown functionality of the file /admin/booking-search.php, where the manipulation of the searchdata argument leads to SQL injection. This can be exploited remotely.

Recommendations For PHPGurukul Online Banquet Booking System version 1.0, as a temporary workaround, consider restricting access to the /admin/booking-search.php file until a patch is available. Avoid using the searchdata argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.