CVE Details
Basic Information
| Title | PHPGurukul Teachers Record Management System changeimage.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-30T05:02:07.006Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Teachers Record Management System |
| Version | 2.1 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability in PHPGurukul’s Teachers Record Management System version 2.1 allows remote attackers to inject malicious SQL code via the ‘tid’ argument in changeimage.php. This could lead to unauthorized data access or modification. |
|---|---|
| AI Severity | Medium |
| Vendor | PHPGurukul |
| Product | Teachers Record Management System |
| Affected Version | 2.1 |
Affected Products
- PHPGurukul Teachers Record Management System 2.1
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.