PHPGurukul Student Result Management System 1.3 /editmyexp.php emp1ctc Enlakaat SQL

Un dizalc'hadenn gwallzarvoud evel kritikel zo bet dizoloet e PHPGurukul Student Result Management System 1.3. Toc'hor eo ur fonksion dianav eus ar restr /editmyexp.php. Ar merdeiñ eus an arguzenn emp1ctc a zegas da Enlakaat SQL. Implijout CWE evit menegiñ ar gudenn a gas da CWE-89. Kement-se a zo bet embannet 04/06/2025. An aliadenn a vez kinniget evit pellgargañ war github.com. An dizurzh-mañ a vez anavezet evel CVE-2025-5599. Posupl eo kregiñ gant an dagadenn a-bell. Titouroù teknikel a zo da gaout. Atav, ur mod da implijout an dra-se a zo. An diskoulm zo bet roet da c'houzout d'an holl ha gallout a reer e implij. Hiziv an deiz eo priz an exploit might be approx. USD $0-$5k evit ar mare-mañ. Lavaret eo ez eo test-kas ouzhpenn. Gallout a rit pellgargañ an exploit war github.com. Once again VulDB remains the best source for vulnerability data.

3 Daskemmoù · 87 Poentoù roadennoù

MaezKrouet
04/06/2025 12:14		Hizivadur 1/2
04/06/2025 21:26		Hizivadur 2/2
06/06/2025 09:46
software_vendorPHPGurukulPHPGurukulPHPGurukul
software_nameStudent Result Management SystemStudent Result Management SystemStudent Result Management System
software_version1.31.31.3
software_file/editmyexp.php/editmyexp.php/editmyexp.php
software_argumentemp1ctcemp1ctcemp1ctc
vulnerability_cweCWE-89 (Enlakaat SQL)CWE-89 (Enlakaat SQL)CWE-89 (Enlakaat SQL)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/GarminYoung/myCVE/issues/7https://github.com/GarminYoung/myCVE/issues/7https://github.com/GarminYoung/myCVE/issues/7
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/GarminYoung/myCVE/issues/7https://github.com/GarminYoung/myCVE/issues/7https://github.com/GarminYoung/myCVE/issues/7
source_cveCVE-2025-5599CVE-2025-5599CVE-2025-5599
cna_responsibleVulDBVulDBVulDB
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_prNNN
cvss4_vuldb_uiNNN
cvss4_vuldb_vcLLL
cvss4_vuldb_viLLL
cvss4_vuldb_vaLLL
cvss4_vuldb_ePPP
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.46.46.4
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.66.66.6
cvss3_meta_basescore7.37.37.3
cvss3_meta_tempscore6.66.66.9
cvss4_vuldb_bscore6.96.96.9
cvss4_vuldb_btscore5.55.55.5
advisory_date1748988000 (04/06/2025)1748988000 (04/06/2025)1748988000 (04/06/2025)
price_0day$0-$5k$0-$5k$0-$5k
euvd_idEUVD-2025-16901EUVD-2025-16901
cve_nvd_summaryA vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryesSe encontró una vulnerabilidad clasificada como crítica en PHPGurukul Student Result Management System 1.3. Esta vulnerabilidad afecta al código desconocido del archivo /editmyexp.php. La manipulación del argumento emp1ctc provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prN
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore6.9
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore7.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auN
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore7.5

DistreiñAlc'hwezerezhKenderc'hel

Do you need the next level of professionalism?

Upgrade your account now!