PHPGurukul Vehicle Record Management System 1.0, SQL Injection, CVE-2025-5913 (Critical)


How the CVE Works

The vulnerability exists in `/admin/search-vehicle.php` due to improper sanitization of the `searchinputdata` parameter. Attackers can inject malicious SQL queries through this input field, allowing unauthorized database access, data exfiltration, or manipulation. The flaw arises from direct concatenation of user-supplied input into SQL statements without prepared statements or input validation. Remote exploitation is possible without authentication, making it critical.

DailyCVE Form

Platform: PHPGurukul VRMS
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 06/16/2025

Prediction: Patch by 08/2025

What Undercode Says

Analytics:

SELECT * FROM vehicles WHERE id = '1' UNION SELECT username, password FROM users--';
curl -X POST -d "searchinputdata=' OR 1=1--" http://target/admin/search-vehicle.php

Exploit:

  • Craft malicious payloads for searchinputdata.
  • Use automated tools like SQLmap.
  • Dump database contents.

Protection from this CVE:

  • Use prepared statements.
  • Sanitize user inputs.
  • Update to patched version.
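The flaw described under "How the CVE Works" and the prepared-statement fix listed above, as an added example that is not PHPGurukul's own code: a search handler written the way the text describes (user input concatenated into the SQL string) next to the hardened version. The database credentials, the table `tblvehicle` and its columns are assumptions, not taken from the VRMS source.

```php
<?php
// Added illustration, not the PHPGurukul code. Connection details, table and
// column names are assumed; only the /admin/search-vehicle.php parameter name
// (searchinputdata) comes from the advisory.
$con = new mysqli('localhost', 'vrms_user', 'vrms_pass', 'vrmsdb');
$con->set_charset('utf8mb4');

// VULNERABLE pattern: the request parameter is spliced straight into the query
// text, so a value such as  ' OR 1=1--  rewrites the WHERE clause and a UNION
// payload can pull rows from any other table the DB user can read.
function searchVehicleUnsafe(mysqli $con, string $searchinputdata): array
{
    $sql = "SELECT id, regno, owner FROM tblvehicle "
         . "WHERE regno LIKE '%" . $searchinputdata . "%'";
    $res = $con->query($sql);
    return $res ? $res->fetch_all(MYSQLI_ASSOC) : [];
}

// FIXED pattern: the SQL text is fixed at prepare() time and the user value
// travels separately as a bound parameter, so the server can only ever treat
// it as data to compare against, never as part of the statement.
function searchVehicleSafe(mysqli $con, string $searchinputdata): array
{
    $stmt = $con->prepare(
        "SELECT id, regno, owner FROM tblvehicle WHERE regno LIKE ?"
    );
    // Binding alone stops injection; escaping % and _ additionally keeps LIKE
    // wildcards in the input from matching every row.
    $pattern = '%' . addcslashes($searchinputdata, '%_\\') . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Handler: same entry point shape as the advisory's POST, safe version only.
$input = $_POST['searchinputdata'] ?? '';
$rows  = searchVehicleSafe($con, $input);
header('Content-Type: application/json');
echo json_encode($rows);
```

Sending the advisory's `' OR 1=1--` value to `searchVehicleSafe` returns only vehicles whose registration literally contains that string (normally none), whereas `searchVehicleUnsafe` returns the whole table.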

Impact:

  • Unauthorized data access.
  • Database compromise.
  • System takeover.

Sources:

Reported By: nvd.nist.gov