CVE Details
Basic Information
| Title | PHPGurukul Employee Record Management System editmyexp.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-06T15:31:06.556Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Employee Record Management System |
| Version | 1.3 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability was discovered in PHPGurukul’s Employee Record Management System version 1.3. This vulnerability allows remote attackers to inject malicious SQL code without authentication, potentially leading to unauthorized data access and modification. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Employee Record Management System |
| Affected Version | 1.3 |
Affected Products
- PHPGurukul Employee Record Management System 1.3
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.