VDB-306374 · CVE-2025-4020 · GCVE-100-306374

PHPGurukul Old Age Home Management System 1.0 /contact.php fname SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a PHPGurukul Old Age Home Management System 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /contact.php, a cikin sashi $software_component. Wuro manipulation of the argument fname ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 04/27/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-4020. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

2 Goyarwa · 86 Datenpunkte

Furɗe	Súgá 04/27/2025 21:21	Gargadi 1/1 04/28/2025 15:24
software_vendor	PHPGurukul	PHPGurukul
software_name	Old Age Home Management System	Old Age Home Management System
software_version	1.0	1.0
software_file	/contact.php	/contact.php
software_argument	fname	fname
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/Q3qc1n/myCVE/issues/1	https://github.com/Q3qc1n/myCVE/issues/1
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/Q3qc1n/myCVE/issues/1	https://github.com/Q3qc1n/myCVE/issues/1
source_cve	CVE-2025-4020	CVE-2025-4020
cna_responsible	VulDB	VulDB
decision_summary	Other parameters might be affected as well.	Other parameters might be affected as well.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_pr	N	N
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6
cvss3_meta_basescore	7.3	7.3
cvss3_meta_tempscore	6.6	6.9
cvss4_vuldb_bscore	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5
advisory_date	1745704800 (04/27/2025)	1745704800 (04/27/2025)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		N
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		L
cvss4_cna_va		L
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		6.9
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		N
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		7.3
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		N
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		7.5

◂ Gurɗo Gumti Gada ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!