{"id":1924,"date":"2025-04-28T01:33:58","date_gmt":"2025-04-28T01:33:58","guid":{"rendered":"http:\/\/localhost\/?p=1924"},"modified":"2025-04-28T01:33:58","modified_gmt":"2025-04-28T01:33:58","slug":"cve-2025-4004-phpgurukul-covid19-testing-management-system-password-recoveryphp-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1924","title":{"rendered":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection"},"content":{"rendered":"<div class=\"vulnerability-details\">\n<h2>Vulnerability Details<\/h2>\n<div class=\"info-section\">\n<h3>Basic Information<\/h3>\n<table class=\"info-table\">\n<tr>\n<th>Title<\/th>\n<td>CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection<\/td>\n<\/tr>\n<tr>\n<th>Type<\/th>\n<td>cvelist<\/td>\n<\/tr>\n<tr>\n<th>Published<\/th>\n<td>2025-04-28T06:00:07<\/td>\n<\/tr>\n<tr>\n<th>Last Seen<\/th>\n<td>2025-04-28T06:26:44<\/td>\n<\/tr>\n<tr>\n<th>CVSS Score<\/th>\n<td style=\"color: #ff6600; font-weight: bold;\">7.3 (HIGH)<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cvss-section\">\n<h3>CVSS v3 Details<\/h3>\n<table class=\"cvss-table\">\n<tr>\n<th>Attack Vector<\/th>\n<td>NETWORK<\/td>\n<\/tr>\n<tr>\n<th>Attack Complexity<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Privileges Required<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>User Interaction<\/th>\n<td>NONE<\/td>\n<\/tr>\n<tr>\n<th>Scope<\/th>\n<td>UNCHANGED<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td>LOW<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"cve-section\">\n<h3>CVE Information<\/h3>\n<table class=\"cve-table\">\n<tr>\n<th>CVE IDs<\/th>\n<td>CVE-2025-4004<\/td>\n<\/tr>\n<tr>\n<th>CWE<\/th>\n<td>CWE-89, CWE-74<\/td>\n<\/tr>\n<tr>\n<th>Bulletin Family<\/th>\n<td>cve<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"description-section\">\n<h3>Description<\/h3>\n<div class=\"description-content\">\n            A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file \/password-recovery.php. The manipulation of the argument contactno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.\n        <\/div>\n<\/p><\/div>\n<div class=\"impact-section\">\n<h3>Impact Assessment<\/h3>\n<table class=\"impact-table\">\n<tr>\n<th>Base Score<\/th>\n<td>7.3<\/td>\n<\/tr>\n<tr>\n<th>Severity<\/th>\n<td style=\"color: #ff6600;\">HIGH<\/td>\n<\/tr>\n<\/table><\/div>\n<div class=\"source-link\">\n<p><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-4004\" target=\"_blank\">View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n<style>\n.vulnerability-details {\n    font-family: Arial, sans-serif;\n    max-width: 1200px;\n    margin: 0 auto;\n    padding: 20px;\n}<\/p>\n<p>.info-section, .cvss-section, .cve-section, .description-section, .impact-section {\n    margin-bottom: 30px;\n    background: #f8f9fa;\n    padding: 20px;\n    border-radius: 8px;\n    box-shadow: 0 2px 4px rgba(0,0,0,0.1);\n}<\/p>\n<p>h2 {\n    color: #2c3e50;\n    border-bottom: 2px solid #3498db;\n    padding-bottom: 10px;\n    margin-bottom: 20px;\n}<\/p>\n<p>h3 {\n    color: #34495e;\n    margin-bottom: 15px;\n}<\/p>\n<p>.info-table, .cvss-table, .cve-table, .impact-table {\n    width: 100%;\n    border-collapse: collapse;\n    margin-bottom: 20px;\n}<\/p>\n<p>.info-table th, .cvss-table th, .cve-table th, .impact-table th {\n    background: #e9ecef;\n    padding: 12px;\n    text-align: left;\n    width: 200px;\n}<\/p>\n<p>.info-table td, .cvss-table td, .cve-table td, .impact-table td {\n    padding: 12px;\n    border-bottom: 1px solid #dee2e6;\n}<\/p>\n<p>.description-content {\n    line-height: 1.6;\n    color: #2c3e50;\n}<\/p>\n<p>.source-link {\n    text-align: center;\n    margin-top: 30px;\n}<\/p>\n<p>.source-link a {\n    display: inline-block;\n    padding: 10px 20px;\n    background: #3498db;\n    color: white;\n    text-decoration: none;\n    border-radius: 5px;\n    transition: background 0.3s;\n}<\/p>\n<p>.source-link a:hover {\n    background: #2980b9;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Details Basic Information Title CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection Type cvelist Published 2025-04-28T06:00:07 Last Seen 2025-04-28T06:26:44 CVSS Score 7.3 (HIGH)&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,24,8,48,12,21,13,7,11,5],"class_list":["post-1924","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvelist","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=1924\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Vulnerability Details Basic Information Title CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection Type cvelist Published 2025-04-28T06:00:07 Last Seen 2025-04-28T06:26:44 CVSS Score 7.3 (HIGH)...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=1924\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-28T01:33:58+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection\",\"datePublished\":\"2025-04-28T01:33:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924\"},\"wordCount\":151,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"cvelist\",\"CVSS\",\"CVSS-6.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1924#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924\",\"name\":\"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-04-28T01:33:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=1924\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=1924#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=1924","og_locale":"en_US","og_type":"article","og_title":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem","og_description":"Vulnerability Details Basic Information Title CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection Type cvelist Published 2025-04-28T06:00:07 Last Seen 2025-04-28T06:26:44 CVSS Score 7.3 (HIGH)...","og_url":"https:\/\/zero.redgem.net\/?p=1924","og_site_name":"zero redgem","article_published_time":"2025-04-28T01:33:58+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=1924#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=1924"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection","datePublished":"2025-04-28T01:33:58+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=1924"},"wordCount":151,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","cvelist","CVSS","CVSS-6.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=1924#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=1924","url":"https:\/\/zero.redgem.net\/?p=1924","name":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-04-28T01:33:58+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=1924#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=1924"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=1924#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"CVE-2025-4004 PHPGurukul COVID19 Testing Management System password-recovery.php sql injection"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1924","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1924"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/1924\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}