CVE-2025-4358: PHPGurukul Company Visitor Management System admin-profile.php sql injection
First published: Tue May 06 2025(Updated: )
A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Visitor Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4358?
CVE-2025-4358 is classified as a critical vulnerability due to its potential for SQL injection allowing remote attacks.
How do I fix CVE-2025-4358?
To fix CVE-2025-4358, sanitize and validate all user input in the adminname parameter to prevent SQL injection.
What are the risks associated with CVE-2025-4358?
The risks associated with CVE-2025-4358 include unauthorized access to sensitive data and potential complete database compromise.
Who is affected by CVE-2025-4358?
CVE-2025-4358 affects users of PHPGurukul Company Visitor Management System version 2.0.
Can CVE-2025-4358 be exploited remotely?
Yes, CVE-2025-4358 can be exploited remotely, allowing attackers to manipulate the adminname parameter.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- vendor/phpgurukul
- canonical/visitor management system