CVE-2025-7161

Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 2.1

Description: A critical vulnerability exists in PHPGurukul Zoo Management System 2.1. The vulnerability is located in unknown code within the /admin/add-normal-ticket.php file. Manipulation of the cprice argument results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: For PHPGurukul Zoo Management System version 2.1, sanitize or validate the cprice argument to prevent SQL injection. As a temporary workaround, restrict access to the /admin/add-normal-ticket.php file.