VDB-311008 · CVE-2025-5557 · EUVD-2025-16822

PHPGurukul Teacher Subject Allocation Management System 1.0 /admin/edit-course.php editid Okuteekateeka kwa SQL

Obulabe obwategekeddwa nga ekikulu nnyo busingiddwa mu PHPGurukul Teacher Subject Allocation Management System 1.0. Ekikosebwa kye ekikozesebwa ekitamanyiddwa ku fayiro /admin/edit-course.php. Okukyuusa mu lugero editid kireeta Okuteekateeka kwa SQL. Okulambika ekizibu nga ukozesa CWE kivaako CWE-89. Ekizibu kino kyayisibwa ku 03/06/2025. Ekiteeso kino kyawandiikiddwa era kisobola okuddownloadinga ku github.com. Obunafu buno bweyitibwa CVE-2025-5557. Waliwo obusobozi okutandika attack nga oli wala. Ebisingawo ku by'ekikugu biriwo. Wadde era waliwo ekikozesebwa ekirabikako. Ekikozesebwa kyategeezeddwa abantu bonna era kisobola okukozesebwa. Kati ekikadde ekisoboka ku mutengo gw’ekikozesebwa kiyinza okuba nga kisoba mu USD $0-$5k mu kiseera kino. Kiwandiikiddwa nga ebikakasa eby'okukakasa obusobozi. Waliwo omukisa ogusobola okukozesebwa okuddownloadinga exploit ku github.com. Mu mbeera ya 0-day, omuwendo ogwabalirirwako mu kifo ky’obutali mu mateeka gwali wa $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Okukyuusa · 98 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 03/06/2025 18:59	Okukozesa enkola empya 1/3 04/06/2025 07:17	Okukozesa enkola empya 2/3 04/06/2025 09:22	Okukozesa enkola empya 3/3 11/06/2025 00:32
software_vendor	PHPGurukul	PHPGurukul	PHPGurukul	PHPGurukul
software_name	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System	Teacher Subject Allocation Management System
software_version	1.0	1.0	1.0	1.0
software_file	/admin/edit-course.php	/admin/edit-course.php	/admin/edit-course.php	/admin/edit-course.php
software_argument	editid	editid	editid	editid
vulnerability_cwe	CWE-89 (Okuteekateeka kwa SQL)	CWE-89 (Okuteekateeka kwa SQL)	CWE-89 (Okuteekateeka kwa SQL)	CWE-89 (Okuteekateeka kwa SQL)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33	https://github.com/f1rstb100d/myCVE/issues/33
source_cve	CVE-2025-5557	CVE-2025-5557	CVE-2025-5557	CVE-2025-5557
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1748901600 (03/06/2025)	1748901600 (03/06/2025)	1748901600 (03/06/2025)	1748901600 (03/06/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-16822	EUVD-2025-16822	EUVD-2025-16822
cve_nvd_summary			A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summaryes				Se ha encontrado una vulnerabilidad en PHPGurukul Teacher Subject Allocation Management System 1.0, clasificada como crítica. Esta vulnerabilidad afecta al código desconocido del archivo /admin/edit-course.php. La manipulación del argumento editid provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Do you know our Splunk app?

Download it now for free!