CVE-2025-4073

Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.20

Description A critical issue was found in the PHPGurukul Student Record System, affecting an unknown function of the file "change-password.php". The manipulation of the currentpassword argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For PHPGurukul Student Record System version 3.20, as a temporary workaround, consider disabling the change password function until a patch is available. Restrict access to the "/change-password.php" file to minimize the risk of exploitation. Avoid using the currentpassword argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.