exploitDog

GHSA-5fhm-w463-rhq6

Опубликовано: 13 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.

Ссылки

EPSS

Процентиль: 27%

0.00096

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-28011

CVSS3: 6.1

nvd

11 месяцев назад

A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.

EPSS

Процентиль: 27%

0.00096

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-89