PT-2025-29340 · Phpgurukul · Phpgurukul User Registration & Login/User Management System

4M3Rr0R

Published

2025-07-12

Updated

2025-07-14

CVE-2025-7542

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 3.3

Description: A critical vulnerability exists in PHPGurukul User Registration & Login and User Management System. The issue is related to a SQL injection vulnerability within an unknown functionality of the file /admin/user-profile.php. Manipulation of the uid argument can lead to successful exploitation. The attack can be launched remotely, and the exploit has been publicly disclosed.

Recommendations: For PHPGurukul User Registration & Login and User Management System version 3.3, restrict access to the /admin/user-profile.php file or sanitize the uid argument to prevent SQL injection.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-7542

Affected Products

Phpgurukul User Registration & Login/User Management System

CVE-2025-7542

Weakness Enumeration

Related Identifiers

Affected Products

References · 12