CVE-2025-4908 MEDIUM

CVE-2025-4908: PHPGurukul Daily Expense Tracker System expense-datewise-reports-detailed.php sql injection

Vendor Phpgurukul
Product Daily Expense Tracker System
Weakness CWE-89 · SQLi
Published May 19, 2025
Last update May 19, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 19, 2025 CVE published
May 19, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-0534 SourceCodester Online Tours & Travels Management System expense_report.php sql injection CVE-2025-9492 Campcodes Online Water Billing System addclient1.php sql injection CVE-2025-11472 SourceCodester Hotel and Lodge Management System edit_room.php sql injection CVE-2023-7131 code-projects Intern Membership Management System User Registration sql injection CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection