PT-2025-29406 · Phpgurukul · Phpgurukul Online Fire Reporting System
F1Rstb100D
·
Published
2025-07-14
·
Updated
2025-07-14
·
CVE-2025-7560
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
PHPGurukul Online Fire Reporting System version 1.2
Description:
A critical issue exists in PHPGurukul Online Fire Reporting System 1.2. The vulnerability is due to a SQL injection within the
/admin/workin-progress-requests.php file. Manipulation of the teamid parameter allows for remote exploitation. The exploit has been publicly disclosed.Recommendations:
Update PHPGurukul Online Fire Reporting System to a newer version that addresses this issue.
As a temporary workaround, restrict access to the
/admin/workin-progress-requests.php file.
Avoid using the teamid parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpgurukul Online Fire Reporting System