PT-2025-29447 · Phpgurukul · Phpgurukul Dairy Farm Shop Management System
F1Rstb100D
Published: 2025-07-14 · Updated: 2025-07-14
CVE-2025-7592
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
PHPGurukul Dairy Farm Shop Management System version 1.3
Description:
A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3: a SQL injection vulnerability in the invoices.php and receipts.php files. The vulnerability is triggered by manipulating the del argument and can be exploited remotely. The exploit for this issue has been publicly disclosed.
Recommendations:
Update to a newer version of PHPGurukul Dairy Farm Shop Management System that addresses this SQL injection issue.
As a temporary workaround, restrict access to the invoices.php and receipts.php files.
Sanitize the del parameter before using it in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
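One way to apply the recommendation to sanitize the del parameter, as an added example that is not code from PHPGurukul or from this advisory: validate del as a plain positive integer, then pass it to the DELETE statement as a bound parameter. The table name invoice_demo, the function names and the sample values are assumptions, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example: table and function names are hypothetical, not taken from the project.
// SQLite in memory stands in for the application's database so this runs offline.

/** Return the id as int, or null if `del` is not a plain positive integer. */
function parse_del($raw): ?int
{
    // Rejects arrays (del[]=1), signs, whitespace, quotes and any SQL fragment.
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,8}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Delete one row by id using a bound parameter; returns the number of rows removed. */
function delete_invoice(PDO $db, int $id): int
{
    $stmt = $db->prepare('DELETE FROM invoice_demo WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice_demo (id INTEGER PRIMARY KEY, customer TEXT)');
$db->exec("INSERT INTO invoice_demo VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Constructed sample values for the `del` query parameter.
$samples = ['2', '1 OR 1=1', "3'", '-1', '', ['1'], '99999999999'];

foreach ($samples as $raw) {
    $id = parse_del($raw);
    if ($id === null) {
        // A real handler would answer HTTP 400 here and run no query at all.
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo "del=$id rows deleted: ", delete_invoice($db, $id), PHP_EOL;
}

echo 'rows left: ', $db->query('SELECT COUNT(*) FROM invoice_demo')->fetchColumn(), PHP_EOL;
```

The bound parameter is what removes the injection; the integer check adds early rejection, so malformed requests can be logged and refused before any SQL is prepared.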
Related Identifiers
Affected Products
Phpgurukul Dairy Farm Shop Management System