CVE-2025-1583
Published: 23 February 2025
Description
A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the argument searchinput leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1583 is a SQL injection vulnerability affecting PHPGurukul Online Nurse Hiring System 1.0. The issue resides in an unknown part of the file /admin/search-report-details.php, where manipulation of the searchinput argument enables the injection. Classified as critical with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), it maps to CWEs 74 and 89. The vulnerability was published on 2025-02-23.
An attacker with low privileges can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized data access, modification, or disruption within the affected application's database.
Advisories and details are available in referenced sources, including a GitHub issue at https://github.com/wqywfvc/CVE/issues/12, the vendor site at https://phpgurukul.com/, and VULDB entries at https://vuldb.com/?ctiid.296559, https://vuldb.com/?id.296559, and https://vuldb.com/?submit.504452.
The exploit has been publicly disclosed and may be used by attackers.
Details
- CWE(s)