CVE-2025-4191

Опубликовано: 02 мая 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Ссылки

https://github.com/ideal-valli/myCVE/issues/3
Exploit
Third Party Advisory
https://phpgurukul.com/
Product
https://vuldb.com/?ctiid.306805
Permissions Required
VDB Entry
https://vuldb.com/?id.306805
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.561816
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.591204
Third Party Advisory
VDB Entry
https://github.com/ideal-valli/myCVE/issues/3
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:employee_record_management_system:1.3:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00095

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-4p79-vffr-6jm5

CVSS3: 7.3

github

9 месяцев назад

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 27%

0.00095

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89