PHPGurukul Dairy Farm Shop Management System 1.3 /invoice.php del SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a PHPGurukul Dairy Farm Shop Management System 1.3. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /invoice.php, a cikin sashi $software_component. Wuro manipulation of the argument del ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 07/13/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-7599. Ngam yiɗi ka a tuma ndiyam ka nder layi. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 86 Datenpunkte

FurɗeSúgá
07/13/2025 16:37		Gargadi 1/2
07/14/2025 14:43		Gargadi 2/2
07/14/2025 15:08
software_vendorPHPGurukulPHPGurukulPHPGurukul
software_nameDairy Farm Shop Management SystemDairy Farm Shop Management SystemDairy Farm Shop Management System
software_version1.31.31.3
software_file/invoice.php/invoice.php/invoice.php
software_argumentdeldeldel
vulnerability_cweCWE-89 (SQL Injection)CWE-89 (SQL Injection)CWE-89 (SQL Injection)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/f1rstb100d/myCVE/issues/139https://github.com/f1rstb100d/myCVE/issues/139https://github.com/f1rstb100d/myCVE/issues/139
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/f1rstb100d/myCVE/issues/139https://github.com/f1rstb100d/myCVE/issues/139https://github.com/f1rstb100d/myCVE/issues/139
source_cveCVE-2025-7599CVE-2025-7599CVE-2025-7599
cna_responsibleVulDBVulDBVulDB
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcLLL
cvss4_vuldb_viLLL
cvss4_vuldb_vaLLL
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_prLLL
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.65.65.6
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.75.75.7
cvss3_meta_basescore6.36.36.3
cvss3_meta_tempscore5.75.76.0
cvss4_vuldb_bscore5.35.35.3
cvss4_vuldb_btscore2.12.12.1
advisory_date1752357600 (07/13/2025)1752357600 (07/13/2025)1752357600 (07/13/2025)
price_0day$0-$5k$0-$5k$0-$5k
euvd_idEUVD-2025-21337EUVD-2025-21337
cve_nvd_summaryA vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected by this issue is some unknown functionality of the file /invoice.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.3
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore6.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore6.5

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!