CVE-2025-4028: PHPGurukul COVID19 Testing Management System profile.php sql injection
First published: Mon Apr 28 2025(Updated: )
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGurukul COVID19 Testing Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4028?
CVE-2025-4028 is classified as critical due to the potential for SQL injection vulnerabilities.
How do I fix CVE-2025-4028?
To fix CVE-2025-4028, sanitize and validate all user inputs, especially the mobilenumber parameter in the /profile.php file.
Which software is affected by CVE-2025-4028?
CVE-2025-4028 affects PHPGurukul COVID19 Testing Management System version 1.0.
What type of attack can be executed through CVE-2025-4028?
CVE-2025-4028 allows for SQL injection attacks, which can compromise database integrity.
What is the impact of CVE-2025-4028 on user data?
The impact of CVE-2025-4028 can lead to unauthorized access and potential data leaks from the database.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/phpgurukul
- canonical/phpgurukul covid19 testing management system