CVE Details
Basic Information
| Title | PHPGurukul Rail Pass Management System download-pass.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-04T02:00:22.090Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Rail Pass Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in PHPGurukul Rail Pass Management System 1.0. The vulnerability is in the /download-pass.php file and can be exploited remotely by manipulating the ‘searchdata’ argument. The exploit has been publicly disclosed and may be used in attacks. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Rail Pass Management System |
| Affected Version | 1.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | PHPGurukul Rail Pass Management System 1.0 |
Source Information
| Source Data | PHPGurukul Rail Pass Management System 1.0 |
|---|---|
| Source Link |
Description
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 6.9 (MEDIUM)