PT-2025-24076 · Unknown · Phpgurukul Local Services Search Engine Management System
Pjwww13447
·
Published
2025-06-06
·
Updated
2025-06-06
·
CVE-2025-5759
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHPGurukul Local Services Search Engine Management System version 2.1
Description
A critical issue was found in the PHPGurukul Local Services Search Engine Management System. This issue affects the file
/admin/edit-person-detail.php and is related to the manipulation of the editid argument, leading to SQL injection. The attack can be initiated remotely.Recommendations
For PHPGurukul Local Services Search Engine Management System version 2.1, consider restricting access to the
/admin/edit-person-detail.php endpoint until a patch is available. As a temporary workaround, avoid using the editid argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpgurukul Local Services Search Engine Management System