CVE Details
Basic Information
| Title | PHPGurukul Human Metapneumovirus Testing Management System new-user-testing.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-06T00:00:19.058Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Human Metapneumovirus Testing Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in PHPGurukul’s Human Metapneumovirus Testing Management System 1.0 allows remote attackers to perform SQL injection via the ‘state’ parameter in the ‘/new-user-testing.php’ file. This can lead to unauthorized data access or manipulation. The exploit is publicly disclosed and may be actively exploited. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Human Metapneumovirus Testing Management System |
| Affected Version | 1.0 |
Affected Products
- PHPGurukul Human Metapneumovirus Testing Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.