CVE-2025-1952

Name of the Vulnerable Software and Affected Versions PHPGurukul Restaurant Table Booking System version 1.0

Description A critical issue was found in the PHPGurukul Restaurant Table Booking System. The problem is related to an unknown function of the file /admin/password-recovery.php, where the manipulation of the username or mobileno argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For PHPGurukul Restaurant Table Booking System version 1.0, as a temporary workaround, consider disabling the password recovery functionality in the /admin/password-recovery.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the username and mobileno arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.