CVE Details
Basic Information
| Title | PHPGurukul Notice Board System forgot-password.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-05T05:31:06.774Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Notice Board System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The PHPGurukul Notice Board System version 1.0 is vulnerable to SQL injection via the ’email’ parameter in the /forgot-password.php file. This allows remote attackers to execute arbitrary SQL commands, potentially compromising the system. The vulnerability has been publicly disclosed and may be actively exploited. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Notice Board System |
| Affected Version | 1.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | PHPGurukul Notice Board System 1.0 |
Source Information
| Source Data | PHPGurukul Notice Board System 1.0 |
|---|---|
| Source Link |
Description
A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 6.9 (MEDIUM)