CVE Details
Basic Information
| Title | PHPGurukul Student Record System admin-profile.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-30T15:32:06.995Z |
| Last Seen |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Student Record System |
| Version | 3.2 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability has been discovered in the admin-profile.php file of PHPGurukul Student Record System version 3.2. This vulnerability allows remote attackers to inject malicious SQL code via the aemailid argument, potentially leading to unauthorized data access and manipulation. The exploit details have been publicly disclosed. |
|---|---|
| AI Severity | High |
| Vendor | PHPGurukul |
| Product | Student Record System |
| Affected Version | 3.2 |
Affected Products
- PHPGurukul Student Record System 3.2
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.