CVE Details
Basic Information
| Title | PHPGurukul Vehicle Parking Management System profile.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-12T16:32:06.399Z |
| Modified | 2025-07-12T16:32:06.399Z |
Product Information
| Vendor | PHPGurukul |
|---|---|
| Product | Vehicle Parking Management System |
| Version | 1.13 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability in PHPGurukul’s Vehicle Parking Management System allows remote attackers to inject malicious SQL code via the firstname parameter in profile.php. |
|---|---|
| AI Severity | Medium |
| AI Vendor | PHPGurukul |
| AI Product | Vehicle Parking Management System |
| AI Version | 1.13 |
Affected Products
- PHPGurukul Vehicle Parking Management System 1.13
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. This affects an unknown part of the file /users/profile.php. The manipulation of the argument firstname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.