CVE Details
Basic Information
| Title | PHPGurukul Daily Expense Tracker System expense-yearwise-reports-detailed.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-05-31T04:00:08.341Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Daily Expense Tracker System |
| Version | 1.1 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in the Daily Expense Tracker System allows remote attackers to inject malicious SQL code via the ‘todate’ parameter in expense-yearwise-reports-detailed.php. |
|---|---|
| AI Severity | Medium |
| Vendor | PHPGurukul |
| Product | Daily Expense Tracker System |
| Affected Version | 1.1 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | PHPGurukul Daily Expense Tracker System 1.1 |
Source Information
| Source Data | PHPGurukul Daily Expense Tracker System 1.1 |
|---|---|
| Source Link |
Description
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)