CVE-2025-10114

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 4.0

Description: A SQL injection issue exists in PHPGurukul Small CRM version 4.0, specifically within the /profile.php file. The Name parameter is susceptible to manipulation, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /profile.php file until a patch is available. Sanitize the Name parameter before using it in any SQL queries.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-10114

Affected Products

Phpgurukul Small Crm

CVE-2025-10114

Weakness Enumeration

Related Identifiers

Affected Products

References · 12