CVE-2025-3146

HIGH

PHPGurukul Bus Pass Management System 1.0 - SQL Injection via viewid Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-3146. PoCs published by Aryan Chehreghani.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Bus Pass Management System 1.0 via the 'viewid' parameter. The PoC provides clear steps to reproduce the issue, including authentication and payload injection.

Description

A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Aryan Chehreghani · text · webapps · php
https://www.exploit-db.com/exploits/50235

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Bus Pass Management System 1.0
Auth required
Prerequisites: access to admin panel · valid credentials
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry (vdb-entry, technical-description): https://vuldb.com/?id.303051
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.303051
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.525340
Exploit, Issue Tracking, Third Party Advisory (exploit, issue-tracking): https://github.com/nabiland/cve/issues/1
Product (product): https://phpgurukul.com/
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/50235

Scores

CVSS v3: 7.3
EPSS: 0.0044
EPSS Percentile: 34.8%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-74, CWE-89
Status: published
Products (1): phpgurukul/bus_pass_management_system 1.0
Published: Apr 03, 2025
Tracked Since: Feb 18, 2026