VDB-311007 · CVE-2025-5556 · EUVD-2025-16804

PHPGurukul Teacher Subject Allocation Management System 1.0 edit-teacher-info.php editid SQL Injection

KusonikaMbote ya kalakumanga hamwejsonxmlCTI

Dibundu diaka kele ti ya nkaka me mona mu PHPGurukul Teacher Subject Allocation Management System 1.0. Bila mambu meyina mpila kisalu kayina kumanyikana ya file /admin/edit-teacher-info.php. Kuna kusala ya argument editid kele na ntwala SQL Injection. Kusadila CWE na kuyambula mpasi kele na CWE-89. Bulema yawu zabisamaka 06/03/2025. Mbote ya kulanga inani ya downloadi kele na github.com. Kikosa yai kele na zina CVE-2025-5556. Ke luyalu ya ku sala ataaka na kutali. Bisalu bya tekiniki bibonakana. Na kati, kele ti exploit yina me zaba. Kusadila kwawu kwazwisisamene na bantu bonso mpi lenda salama. Ntangu yai, disolo ya ntalu ya exploit mpeve ve USD $0-$5k. O lenda zinga exploit na github.com. Na 0-day, mbongo ya kisalu ya zola-zola na zandu ya zingi-zingi ke vandaka pene na $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Bisalu · 98 Minsungi ya data

Nséke	Kusala 06/03/2025 18:59	Kusala kisalu kipya 1/3 06/04/2025 07:08	Kusala kisalu kipya 2/3 06/04/2025 09:22	Kusala kisalu kipya 3/3 06/11/2025 00:32
software_argument	editid	editid	editid	editid
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32	https://github.com/f1rstb100d/myCVE/issues/32
source_cve	CVE-2025-5556	CVE-2025-5556	CVE-2025-5556	CVE-2025-5556
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)	1748901600 (06/03/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_vendor	PHPGurukul	PHPGurukul	PHPGurukul	PHPGurukul
software_name	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System
software_version	1.0	1.0	1.0	1.0
software_file	/admin/edit-teacher-info.php	/admin/edit-teacher-info.php	/admin/edit-teacher-info.php	/admin/edit-teacher-info.php
euvd_id		EUVD-2025-16804	EUVD-2025-16804	EUVD-2025-16804
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summary			A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes				Se encontró una vulnerabilidad clasificada como crítica en PHPGurukul Teacher Subject Allocation Management System 1.0. Esta afecta a una parte desconocida del archivo /admin/edit-teacher-info.php. La manipulación del argumento editid provoca una inyección SQL. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Kubutuka Lutalu Ya Mambu Kende na ntwala ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!