Cyber Posture

CVE-2025-2644

HighPublic PoC

Published: 23 March 2025

Published
23 March 2025
Modified
02 April 2025
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0007 21.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may leverage databases to mine valuable information.

Security Summary

CVE-2025-2644 is a critical SQL injection vulnerability in PHPGurukul Art Gallery Management System version 1.0. The flaw resides in the processing of the /admin/add-art-product.php file, where manipulation of the 'arttype' argument enables SQL injection. It is associated with CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-89 (SQL Injection), carrying a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling data exfiltration, modification, or disruption through injected SQL queries.

Advisories and details are documented in references including VulDB entries (vuldb.com/?ctiid.300659, vuldb.com/?id.300659, vuldb.com/?submit.519773), a GitHub issue (github.com/liuhao2638/cve/issues/7), and the vendor site (phpgurukul.com/). The exploit has been publicly disclosed and may be actively used by attackers.

Security practitioners should prioritize scanning for exposed instances of PHPGurukul Art Gallery Management System 1.0 and apply any available updates, while implementing input validation and prepared statements as interim defenses against SQL injection.

Details

CWE(s)
CWE-74CWE-89

Affected Products

phpgurukul
art gallery management system
1.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
attack.mitre.org →
Why these techniques?

SQL injection in unauthenticated public-facing web app directly enables T1190 for initial access; allows arbitrary DB queries facilitating T1213.006 for data collection/exfiltration.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References