CVE Details
Basic Information
| Title | PHPGurukul Complaint Management System updatecomplaint.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-05T12:31:07.351Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Complaint Management System |
| Version | 2.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in PHPGurukul’s Complaint Management System 2.0, allowing remote attackers to inject malicious SQL code via the Status argument in updatecomplaint.php. This could lead to unauthorized data access or modification. The exploit is publicly available, increasing the risk of exploitation. |
|---|---|
| AI Severity | Medium |
| Vendor | PHPGurukul |
| Product | Complaint Management System |
| Affected Version | 2.0 |
Affected Products
- PHPGurukul Complaint Management System 2.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.