CVE-2025-2682: PHPGurukul Bank Locker Management System edit-subadmin.php sql injection
First published: Mon Mar 24 2025(Updated: )
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bank Locker Management System | ||
| Bank Locker Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2682?
CVE-2025-2682 is classified as a critical vulnerability.
How does CVE-2025-2682 affect PHPGurukul Bank Locker Management System?
CVE-2025-2682 affects the /edit-subadmin.php file through SQL injection via the mobilenumber parameter.
What type of attack can be initiated due to CVE-2025-2682?
CVE-2025-2682 allows for remote SQL injection attacks.
Who is affected by CVE-2025-2682?
Anyone using PHPGurukul Bank Locker Management System version 1.0 is affected by CVE-2025-2682.
How can I mitigate CVE-2025-2682?
Mitigation for CVE-2025-2682 involves validating and sanitizing user inputs, particularly the mobilenumber parameter.
- agent/title
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/author
- agent/source
- agent/severity
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/event
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- vendor/phpgurukul
- canonical/bank locker management system
- version/bank locker management system/1.0