CVE-2025-2378: PHPGurukul Medical Card Generation System download-medical-cards.php sql injection
First published: Mon Mar 17 2025(Updated: )
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Anujkumar Medical Card Generation System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2378?
CVE-2025-2378 has been classified as critical.
What type of vulnerability is CVE-2025-2378?
CVE-2025-2378 is categorized as an SQL injection vulnerability.
Which part of the software is affected by CVE-2025-2378?
CVE-2025-2378 affects the file /download-medical-cards.php in the PHPGurukul Medical Card Generation System.
How can I fix CVE-2025-2378?
To fix CVE-2025-2378, ensure proper validation and sanitization of the input parameters, particularly the argument searchdata.
What happens if CVE-2025-2378 is exploited?
If exploited, CVE-2025-2378 allows an attacker to manipulate SQL queries, potentially leading to unauthorized data access or manipulation.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/description
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/phpgurukul
- canonical/anujkumar medical card generation system