CVE-2025-4073: PHPGurukul Student Record System change-password.php sql injection
First published: Tue Apr 29 2025(Updated: )
A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Student Record System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4073?
CVE-2025-4073 has been classified as a critical vulnerability.
What kind of vulnerability is CVE-2025-4073?
CVE-2025-4073 is an SQL injection vulnerability affecting the currentpassword parameter.
Which software is affected by CVE-2025-4073?
CVE-2025-4073 affects the PHPGurukul Student Record System 3.20.
How do I fix CVE-2025-4073?
To fix CVE-2025-4073, ensure proper validation and sanitization of input parameters used in SQL queries.
What can be the impact of exploiting CVE-2025-4073?
Exploiting CVE-2025-4073 can allow an attacker to execute arbitrary SQL commands on the database.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/phpgurukul
- canonical/student record system