VDB
CVE-2025-3972
CVE-2025-3972
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
EPSS 0.12% · 30.1th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.12%
30.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHPGurukul | COVID19 Testing Management System | 1.0 |
| phpgurukul | covid19_testing_management_system | 1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-3972 (circl-sighting)
- VDB-306308 | PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection (circl)
- VDB-306308 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
- Submit #557392 | PHPGurukul COVID19 Testing Management System V1.0 SQL Injection (circl)
- https://phpgurukul.com/ (circl)
- https://github.com/skyrainoh/CVE/issues/2 (cve.org)
Timeline
- Apr 27, 2025 CVE Published
- Apr 27, 2025 PoC Published
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 CVE Updated
- May 10, 2025 EPSS Score
- May 17, 2025 Coalition ESS Score
- May 22, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
References
- VDB-306308 | PHPGurukul COVID19 Testing Management System bwdates-report-result.php sql injection vdb
- VDB-306308 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #557392 | PHPGurukul COVID19 Testing Management System V1.0 SQL Injection third-party-advisory
- https://github.com/skyrainoh/CVE/issues/2 exploit
- https://phpgurukul.com/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-3972 advisory
- https://phpgurukul.com url