PT-2025-21281 · Unknown · Phpgurukul Vehicle Record Management System

Published: 2025-05-15 · Updated: 2025-05-15 · CVE-2025-44182

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0
Description: The issue allows attackers to execute arbitrary code via Cross-Site Scripting (XSS) in the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, and enginenumber variables in the "/admin/edit-vehicle.php" API endpoint.
Recommendations: For Phpgurukul Vehicle Record Management System version 1.0, consider disabling the editing functionality in the "/admin/edit-vehicle.php" component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the variables vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, and enginenumber to minimize the risk of arbitrary code execution.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-44182

Affected Products: Phpgurukul Vehicle Record Management System