PT-2025-47082 · Phpgurukul · Phpgurukul Tourism Management System

Littlewhite · Published 2025-11-16 · Updated 2025-11-21 · CVE-2025-13247

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPGurukul Tourism Management System version 1.0

Description: A security flaw exists in PHPGurukul Tourism Management System 1.0. The issue is related to SQL injection within an unknown function of the file /admin/user-bookings.php. Manipulation of the uid argument can trigger the injection. The attack can be launched remotely, and an exploit has been publicly released.

Recommendations: Apply any available updates or patches for the software. As a temporary workaround, restrict access to the /admin/user-bookings.php file. Sanitize the uid input to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-13247

Affected Products: Phpgurukul Tourism Management System