CVE-2025-5553

HIGH

PHPGurukul Rail Pass Management System 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-5553. PoCs published by yozgatalperen1.

AI-analyzed exploit summary This exploit demonstrates a time-based SQL injection vulnerability in the Rail Pass Management System's 'searchdata' parameter. The payload uses a sleep function to confirm the vulnerability by delaying the response time.

Description

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by yozgatalperen1 · textwebappsphp

https://www.exploit-db.com/exploits/51790

View Code ZIP pw:eip

This exploit demonstrates a time-based SQL injection vulnerability in the Rail Pass Management System's 'searchdata' parameter. The payload uses a sleep function to confirm the vulnerability by delaying the response time.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Rail Pass Management System 1.0

No auth needed

Prerequisites: Access to the target application's download-pass.php page

MITRE ATT&CK

T1505 - Server Software Component T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.311005

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.311005

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.587416

Exploit, Issue Tracking, Third Party Advisory exploit issue-tracking

https://github.com/f1rstb100d/myCVE/issues/30

Product product

https://phpgurukul.com/

Exploit, Third Party Advisory

https://www.exploit-db.com/exploits/51790

Scores

CVSS v3 7.3

EPSS 0.0029

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

phpgurukul/rail_pass_management_system 1.0

Published Jun 04, 2025

Tracked Since Feb 18, 2026