VDB
CVE-2025-3974
CVE-2025-3974
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
EPSS 0.12% · 30.1th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.12%
30.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHPGurukul | COVID19 Testing Management System | 1.0 |
| phpgurukul | covid19_testing_management_system | 1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-3974 (circl-sighting)
- VDB-306310 | PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection (circl)
- VDB-306310 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
- Submit #557394 | PHPGurukul COVID19 Testing Management System V1.0 SQL Injection (circl)
- https://phpgurukul.com/ (circl)
- https://github.com/skyrainoh/CVE/issues/4 (cve.org)
Timeline
- Apr 27, 2025 Coalition ESS Score
- Apr 27, 2025 CVE Published
- Apr 27, 2025 PoC Published
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 CVE Updated
- Apr 29, 2025 Coalition ESS Score
- May 7, 2025 Coalition ESS Score
- May 10, 2025 EPSS Score
- May 22, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
References
- VDB-306310 | PHPGurukul COVID19 Testing Management System edit-phlebotomist.php sql injection vdb
- VDB-306310 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #557394 | PHPGurukul COVID19 Testing Management System V1.0 SQL Injection third-party-advisory
- https://github.com/skyrainoh/CVE/issues/4 exploit
- https://phpgurukul.com/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-3974 advisory
- https://phpgurukul.com url