CVE-2025-2473

HIGH NUCLEI

PHPGurukul Company Visitor Management System 2.0 - SQL Injection

Title source: llm

Description

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Nuclei Templates (1)

Company Visitor Management System 1.0 - SQL Injection

CRITICALVERIFIEDby arafatansari

References (5)

[Exploit, Third Party Advisory] https://github.com/l8BL/vul_report/issues/2

[Product] https://phpgurukul.com/

[Permissions Required] https://vuldb.com/?ctiid.299966

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.299966

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.517266

Scores

CVSS v3 7.3

EPSS 0.0380

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

phpgurukul/company_visitor_management_system 2.0

Published Mar 18, 2025

Tracked Since Feb 18, 2026