PT-2025-36427 · Phpgurukul · Phpgurukul Small Crm
Li Hu · Published 2025-09-08 · Updated 2025-09-13 · CVE-2025-10079
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHPGurukul Small CRM version 4.0
Description
A SQL injection flaw exists in PHPGurukul Small CRM version 4.0. The issue is located in the /get-quote.php file, where manipulation of the Contact argument can lead to SQL injection. This attack can be executed remotely.
Recommendations
As a temporary workaround, restrict access to the /get-quote.php file until a fix is available.
Sanitize the Contact parameter before using it in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
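One way to apply the Contact recommendation above, as an added example rather than PHPGurukul's code: validate the value and hand it to the database only as a bound parameter. The quote_requests table, its columns, the phone-number format and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not PHPGurukul code. Table and column names are hypothetical.
declare(strict_types=1);

/** Accept only a plausible contact number: optional +, then 7-15 digits (assumed format). */
function validate_contact(string $raw): ?string
{
    $value = trim($raw);
    return preg_match('/^\+?[0-9]{7,15}$/', $value) === 1 ? $value : null;
}

/** Store a quote request using bound parameters; returns false when the contact is rejected. */
function save_quote(PDO $db, string $name, string $contactRaw): bool
{
    $contact = validate_contact($contactRaw);
    if ($contact === null) {
        return false; // reject outright instead of trying to "clean" the value
    }
    // Values travel separately from the SQL text, so they are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO quote_requests (name, contact) VALUES (:name, :contact)'
    );
    return $stmt->execute([':name' => $name, ':contact' => $contact]);
}

// Constructed demo: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quote_requests (id INTEGER PRIMARY KEY, name TEXT, contact TEXT)');

$samples = [
    ["O'Brien", '+4915112345678'],      // constructed: quote in a bound field is harmless
    ['Bob', "0123456789' OR '1'='1"],   // constructed: fails validation, never reaches SQL
];
foreach ($samples as [$name, $contact]) {
    printf("%-8s %s\n", $name, save_quote($db, $name, $contact) ? 'stored' : 'rejected');
}
printf("rows: %d\n", (int) $db->query('SELECT COUNT(*) FROM quote_requests')->fetchColumn());
```

The name field is bound but not format-checked, which shows that parameter binding, not input filtering, is what keeps free-text values out of the SQL grammar.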
Related Identifiers
Affected Products
Phpgurukul Small Crm