PT-2025-20557 · Unknown · Phpgurukul Vehicle Parking Management System
Published: 2025-05-09 · Updated: 2025-12-27 · CVE-2025-45885
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHPGURUKUL Vehicle Parking Management System version 1.13
Description
The issue concerns a SQL injection vulnerability. Attackers can inject malicious code through the emailcont parameter in the "/vpms/users/login.php" API endpoint, which is then used directly in SQL queries.
Recommendations
For PHPGURUKUL Vehicle Parking Management System version 1.13, consider restricting access to the "/vpms/users/login.php" endpoint until a patch is available, and avoid using the emailcont parameter in this endpoint to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Affected Products
Phpgurukul Vehicle Parking Management System
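
The description above says the emailcont value is used directly in SQL queries. This added example (not code from the application or from this advisory) contrasts that pattern with a bound parameter. The users table, its columns and both function names are hypothetical, and an in-memory SQLite database accessed through PDO is assumed so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added illustration, not the application's code. Schema and names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, contact TEXT)');
// Constructed sample row.
$db->exec("INSERT INTO users (email, contact) VALUES ('alice@example.test', '5550100')");

// Pattern the advisory describes: the request value becomes part of the SQL text,
// so a quote character in the value changes the structure of the statement.
function lookupConcatenated(PDO $db, string $emailcont): array
{
    $sql = "SELECT id FROM users WHERE email = '$emailcont' OR contact = '$emailcont'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the SQL text is fixed and the value is bound as data,
// so it is only ever compared against the columns, never parsed as SQL.
function lookupPrepared(PDO $db, string $emailcont): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ? OR contact = ?');
    $stmt->execute([$emailcont, $emailcont]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test value containing a quote; it matches no stored email or contact.
$probe = "nobody' OR '1'='1";

printf("concatenated, probe value: %d row(s)\n", count(lookupConcatenated($db, $probe)));
printf("prepared, probe value:     %d row(s)\n", count(lookupPrepared($db, $probe)));
printf("prepared, stored email:    %d row(s)\n", count(lookupPrepared($db, 'alice@example.test')));
```

With the probe value, the concatenated lookup returns the stored row even though no email or contact equals the probe, while the prepared lookup returns nothing and still finds the row for the stored email.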