CVE-2025-4164: PHPGurukul Employee Record Management System changepassword.php sql injection
First published: Thu May 01 2025(Updated: )
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPGURUKUL Employee Record Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4164?
CVE-2025-4164 is classified as a critical vulnerability.
How do I fix CVE-2025-4164?
To fix CVE-2025-4164, ensure that input validation is properly implemented to prevent SQL injection.
What component is affected by CVE-2025-4164?
CVE-2025-4164 affects the 'changepassword.php' file in the PHPGurukul Employee Record Management System.
What type of vulnerability is CVE-2025-4164?
CVE-2025-4164 is an SQL injection vulnerability that exploits the 'currentpassword' parameter.
Is CVE-2025-4164 present in all versions of the Software?
CVE-2025-4164 specifically affects the PHPGurukul Employee Record Management System version 1.3.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/phpgurukul
- canonical/phpgurukul employee record management system