CVE-2025-1581
Published: 23 February 2025
Description
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=1. The manipulation of the argument contactname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1581 is a critical SQL injection vulnerability in PHPGurukul Online Nurse Hiring System 1.0. The flaw affects an unknown functionality within the file /book-nurse.php?bookid=1, where manipulation of the contactname argument triggers the injection. Published on 2025-02-23, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWEs-74 and CWE-89.
The vulnerability enables remote exploitation with low attack complexity and requires low privileges from the attacker. Successful attacks can compromise confidentiality, integrity, and availability to a low degree, as per the CVSS metrics. The exploit has been publicly disclosed and may be actively used by threat actors.
Advisories and additional details are documented on VulDB (ctiid.296557, id.296557, submit.504450), a GitHub issue at https://github.com/wqywfvc/CVE/issues/10, and the vendor site https://phpgurukul.com/. No specific patch or mitigation steps are detailed in the primary disclosure.
Details
- CWE(s)