MEDIUM Severity

CVE-2025-4941

SQL Injection vulnerability in PHPGurukul Credit Card Application Management System 1.0

Overview

A SQL injection vulnerability affects PHPGurukul Credit Card Application Management System 1.0. The issue lies within an unknown function of the file /admin/index.php, where manipulation of the 'Username' argument leads to SQL injection.

Technical Details

The flaw affects an unknown function of the file /admin/index.php: manipulating the 'Username' argument leads to SQL injection. The attack can be launched remotely and requires no user interaction.

CVSS Metrics

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • User interaction: NONE
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: LOW

Impact

Any unauthorized user can manipulate the 'Username' argument to gain access to database information, which can then be used for malicious purposes.

Recommendations

Check that the software is up to date, use strong access controls, and secure the database server with proper configuration. It is also recommended to use parameterized queries or prepared statements to prevent SQL injection.
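
One way to apply the parameterized-query recommendation to a login lookup keyed on the username, as an added example that is not PHPGurukul's code. The `admins` table, its columns, the function names and the in-memory SQLite database are assumptions made so the sketch runs on its own.

```php
<?php
declare(strict_types=1);

// Pattern to avoid: concatenating the submitted username into the SQL text.
// Hypothetical schema: table `admins` with columns id, username, password_hash.

function find_admin(PDO $db, string $username): ?array
{
    // The placeholder keeps the value out of the SQL text: the driver binds
    // it as data, so quotes or SQL keywords in it cannot alter the query.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM admins WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function admin_login(PDO $db, string $username, string $password): bool
{
    // Allow-list check before touching the database (defence in depth,
    // not a substitute for the prepared statement).
    if (!preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $username)) {
        return false;
    }
    $admin = find_admin($db, $username);
    // Verify against a stored hash in PHP; never compare passwords in SQL.
    return $admin !== null && password_verify($password, $admin['password_hash']);
}

// Constructed demo data in an in-memory SQLite database so the file runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

var_dump(admin_login($db, 'admin', 'constructed-demo-password')); // valid credentials
var_dump(admin_login($db, 'admin', 'wrong-password'));            // wrong password
var_dump(find_admin($db, "o'brien")); // a quote in the value is matched literally
```

The same `prepare`/`execute` pattern applies with the MySQL PDO driver or with `mysqli` prepared statements; only the connection string changes.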

Threat Metrics

  • cvss_score: 7.3
  • severity: MEDIUM
  • attack_vector: NETWORK
  • attack_complexity: LOW