CVE-2025-4108 MEDIUM

CVE-2025-4108: PHPGurukul Student Record System add-subject.php sql injection

Vendor Phpgurukul

Product Student Record System

Weakness CWE-89 · SQLi

Published April 30, 2025

Last update April 30, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

April 30, 2025 CVE published

April 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4108 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-0324 SourceCodester Online Tours & Travels Management System page-login.php sql injection CVE-2025-6096 codesiddhant Jasmin Ransomware dashboard.php sql injection CVE-2026-13333 Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter CVE-2023-40010 WordPress HUSKY – Products Filter for WooCommerce (formerly WOOF) Plugin <= 1.3.4.2 is vulnerable to SQL Injection CVE-2022-2700 SourceCodester Gym Management System GET Parameter sql injection