CVE-2025-4297: PHPGurukul Men Salon Management System change-password.php sql injection
First published: Mon May 05 2025(Updated: )
A vulnerability was found in PHPGurukul Men Salon Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/change-password.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpgurukul Men Salon Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4297?
CVE-2025-4297 has been classified as critical due to its potential for remote SQL injection.
How do I fix CVE-2025-4297?
To fix CVE-2025-4297, it is recommended to validate and sanitize all user inputs that interact with the database.
What does CVE-2025-4297 affect?
CVE-2025-4297 affects the file /admin/change-password.php in PHPGurukul Men Salon Management System 2.0.
Can CVE-2025-4297 be exploited remotely?
Yes, CVE-2025-4297 can be exploited remotely, allowing attackers to execute SQL injection attacks.
What are the implications of CVE-2025-4297?
The implications of CVE-2025-4297 include unauthorized access to sensitive data and potential compromise of the application.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/author
- agent/severity
- agent/tags
- agent/event
- vendor/phpgurukul
- canonical/phpgurukul men salon management system