CVE-2025-3220
PHPGurukul e-Diary Management System dashboard.php sql injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Se encontró una vulnerabilidad en PHPGurukul e-Diary Management System 1.0. Se ha declarado crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /dashboard.php. La manipulación del argumento "Categoría" provoca una inyección SQL. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.
In PHPGurukul e-Diary Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Datei /dashboard.php. Durch Beeinflussen des Arguments Category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2025-04-03 CVE Reserved
- 2025-04-04 CVE Published
- 2025-04-04 CVE Updated
- 2025-04-04 EPSS Updated
- 2025-04-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://phpgurukul.com | Product | |
| https://vuldb.com/?id.303181 | Technical Description | |
| https://vuldb.com/?submit.546176 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/JunGu-W/cve/issues/2 | 2025-04-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| PHPGurukul Search vendor "PHPGurukul" | E-Diary Management System Search vendor "PHPGurukul" for product "E-Diary Management System" | 1.0 Search vendor "PHPGurukul" for product "E-Diary Management System" and version "1.0" | en |
Affected
| ||||||