VDB
CVE-2025-4020
CVE-2025-4020
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
EPSS 0.25% · 48.9th percentile
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.25%
48.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHPGurukul | Old Age Home Management System | 1.0 |
| phpgurukul | old_age_home_management_system | 1.0 |
Timeline
- Apr 27, 2025 PoC Published
- Apr 28, 2025 CVE Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 PoC Published
- Apr 28, 2025 CVE Updated
- Apr 29, 2025 EPSS Score
- May 11, 2025 EPSS Score
- May 14, 2025 Coalition ESS Score
- May 23, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jun 16, 2025 EPSS Score
- Jun 27, 2025 EPSS Score
References
- VDB-306374 | PHPGurukul Old Age Home Management System contact.php sql injection vdb
- VDB-306374 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #558365 | PHPGurukul Old Age Home Management System V1.0 SQL Injection third-party-advisory
- https://github.com/Q3qc1n/myCVE/issues/1 exploit
- https://phpgurukul.com/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-4020 advisory
- https://phpgurukul.com url