CVE-2025-3974

Name of the Vulnerable Software and Affected Versions PHPGurukul COVID19 Testing Management System version 1.0

Description A critical vulnerability has been found in the PHPGurukul COVID19 Testing Management System. This issue affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to SQL injection. The attack can be initiated remotely. Other parameters might also be affected.

Recommendations As a temporary workaround, consider disabling the /edit-phlebotomist.php endpoint until a patch is available. Restrict access to the mobilenumber argument in the affected API endpoint to minimize the risk of exploitation. Avoid using the mobilenumber parameter in the /edit-phlebotomist.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.