VDB
CVE-2025-4013
CVE-2025-4013
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
EPSS 0.17% · 38.1th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.17%
38.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| phpgurukul | art_gallery_management_system | 1.0 |
| PHPGurukul | Art Gallery Management System | 1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-4013 (circl-sighting)
- CIRCL seen: CVE-2025-4013 (circl-sighting)
- VDB-306366 | PHPGurukul Art Gallery Management System aboutus.php sql injection (circl)
- VDB-306366 | CTI Indicators (IOB, IOC, TTP, IOA) (circl)
- Submit #558348 | PHPGurukul Art Gallery Management System v1.0 SQL Injection (circl)
- https://phpgurukul.com/ (circl)
- https://github.com/ljfhhh/CVE/issues/1 (cve.org)
Timeline
- Apr 28, 2025 EPSS Score
- Apr 28, 2025 CVE Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 PoC Published
- May 10, 2025 EPSS Score
- May 12, 2025 CVE Updated
- May 17, 2025 Coalition ESS Score
- May 22, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
- Jul 9, 2025 EPSS Score
References
- VDB-306366 | PHPGurukul Art Gallery Management System aboutus.php sql injection vdb
- VDB-306366 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #558348 | PHPGurukul Art Gallery Management System v1.0 SQL Injection third-party-advisory
- https://github.com/ljfhhh/CVE/issues/1 exploit
- https://phpgurukul.com/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-4013 advisory
- https://phpgurukul.com url