PT-2025-8727 · Unknown · Phpgurukul Land Record System Project

Published

2025-02-26

Updated

2025-03-08

CVE-2025-25462

CVSS v3.1

5.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions PHPGurukul Land Record System Project version 1.0

Description A SQL Injection issue was discovered in the /admin/add-propertytype.php file, allowing remote attackers to execute arbitrary code via the propertytype POST request parameter in the PHP v1.0 version of the system.

Recommendations For version 1.0, consider restricting access to the /admin/add-propertytype.php file and avoid using the propertytype parameter in the affected POST request until a fix is available. As a temporary workaround, disabling the execution of arbitrary code via the propertytype parameter can help minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-25462

Affected Products

Phpgurukul Land Record System Project

PT-2025-8727 · Unknown · Phpgurukul Land Record System Project

CVE-2025-25462

Weakness Enumeration

Related Identifiers

Affected Products

References · 5