CVE-2025-7161

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 2.1

Description: A critical vulnerability exists in PHPGurukul Zoo Management System 2.1. The vulnerability is located in unknown code within the

/admin/add-normal-ticket.php

file. Manipulation of the

cprice

argument results in a SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: For PHPGurukul Zoo Management System version 2.1, sanitize or validate the

cprice

argument to prevent SQL injection. As a temporary workaround, restrict access to the

/admin/add-normal-ticket.php

file.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-7161

Phpgurukul Zoo Management System