CVE Details
Basic Information
| Title | PHPGurukul Student Record System login.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-05-27T00:31:05.500Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Student Record System |
| Version | 3.20 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in PHPGurukul’s Student Record System version 3.20, specifically in the /login.php file. Attackers can exploit this by manipulating the ID parameter, potentially gaining unauthorized access to the database. The vulnerability is remotely exploitable and has been publicly disclosed, increasing the risk of exploitation. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Student Record System |
| Affected Version | 3.20 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | PHPGurukul Student Record System 3.20 |
Source Information
| Source Data | PHPGurukul Student Record System 3.20 |
|---|---|
| Source Link |
Description
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 6.9 (MEDIUM)