VDB-311008 · CVE-2025-5557 · EUVD-2025-16822

PHPGurukul Teacher Subject Allocation Management System 1.0 /admin/edit-course.php editid SQL innsláttur

Veikleiki sem hefur verið flokkaður sem gagnrýninn hefur komið í ljós í PHPGurukul Teacher Subject Allocation Management System 1.0. Það sem hefur orðið fyrir áhrifum er óþekkt fall í skránni /admin/edit-course.php. Að breyta viðfanginu editid veldur SQL innsláttur. Þessi vandi er flokkaður sem CWE-89 samkvæmt CWE. Veikleikinn var birtur 03.06.2025. Öryggisviðvörunin er deilt til niðurhals á github.com. Þessi veikleiki gengur undir heitinu CVE-2025-5557. Hægt er að framkvæma þessa árás úr fjarlægð. Tæknilegar upplýsingar eru tiltækar. Auk þess er til exploit. Exploit-ið hefur verið gert opinbert og má nota það. Eins og er er verð fyrir nýtingu gæti verið um það bil USD $0-$5k. MITRE ATT&CK verkefnið skilgreinir árásartæknina sem T1505. Það er tilkynnt sem sönnun hugmyndar. Þetta exploit er deilt til niðurhals á github.com. Sem 0-day var áætlað verð á undirheimum um $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Breytingar · 98 Gagnapunktar

Svið	Búið til 03.06.2025 18:59	Uppfært 1/3 04.06.2025 07:17	Uppfært 2/3 04.06.2025 09:22	Uppfært 3/3 11.06.2025 00:32
software_vendor	PHPGurukul	PHPGurukul	PHPGurukul	PHPGurukul
software_name	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System
software_version	1.0	1.0	1.0	1.0
software_file	/admin/edit-course.php	/admin/edit-course.php	/admin/edit-course.php	/admin/edit-course.php
software_argument	editid	editid	editid	editid
vulnerability_cwe	CWE-89 (SQL innsláttur)	CWE-89 (SQL innsláttur)	CWE-89 (SQL innsláttur)	CWE-89 (SQL innsláttur)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33
source_cve	CVE-2025-5557	CVE-2025-5557	CVE-2025-5557	CVE-2025-5557
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1748901600 (03.06.2025)	1748901600 (03.06.2025)	1748901600 (03.06.2025)	1748901600 (03.06.2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-16822	EUVD-2025-16822	EUVD-2025-16822
cve_nvd_summary			A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summaryes				Se ha encontrado una vulnerabilidad en PHPGurukul Teacher Subject Allocation Management System 1.0, clasificada como crítica. Esta vulnerabilidad afecta al código desconocido del archivo /admin/edit-course.php. La manipulación del argumento editid provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Til baka Yfirlit Næst ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!