exploitDog

CVE-2025-65380

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

Ссылки

https://github.com/dewcode91/security-research/blob/main/CVE-2025-65380.md
Third Party Advisory
https://phpgurukul.com/billing-system-using-php-and-mysql
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:billing_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-9cpm-2q59-cph3

CVSS3: 6.5

github

2 месяца назад

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.

EPSS

Процентиль: 9%

0.00033

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-89