Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Login and User Management System by PHPGurukul
CVE-2025-8158 (GCVE-0-2025-8158)
Vulnerability from nvd – Published: 2025-07-25 13:32 – Updated: 2025-07-25 13:52
VLAI
EPSS
VEX
Title
PHPGurukul Login and User Management System yesterday-reg-users.php sql injection
Summary
A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317572 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317572 | signaturepermissions-required |
| https://vuldb.com/?submit.620608 | third-party-advisory |
| https://github.com/secfake/mycve/issues/3 | exploitissue-tracking |
| https://phpgurukul.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHPGurukul | Login and User Management System |
Affected:
3.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8158",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:52:09.271676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:52:12.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/secfake/mycve/issues/3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Login and User Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "anhtrankma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Login and User Management System 3.3 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/yesterday-reg-users.php. Mit der Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:32:06.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317572 | PHPGurukul Login and User Management System yesterday-reg-users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317572"
},
{
"name": "VDB-317572 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317572"
},
{
"name": "Submit #620608 | PHPGurukul User Registration \u0026 Login and User Management System 3.3 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.620608"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/secfake/mycve/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T08:55:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Login and User Management System yesterday-reg-users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8158",
"datePublished": "2025-07-25T13:32:06.411Z",
"dateReserved": "2025-07-25T06:50:36.746Z",
"dateUpdated": "2025-07-25T13:52:12.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8158 (GCVE-0-2025-8158)
Vulnerability from cvelistv5 – Published: 2025-07-25 13:32 – Updated: 2025-07-25 13:52
VLAI
EPSS
VEX
Title
PHPGurukul Login and User Management System yesterday-reg-users.php sql injection
Summary
A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.317572 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.317572 | signaturepermissions-required |
| https://vuldb.com/?submit.620608 | third-party-advisory |
| https://github.com/secfake/mycve/issues/3 | exploitissue-tracking |
| https://phpgurukul.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHPGurukul | Login and User Management System |
Affected:
3.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8158",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:52:09.271676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:52:12.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/secfake/mycve/issues/3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Login and User Management System",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "anhtrankma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul Login and User Management System 3.3 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/yesterday-reg-users.php. Mit der Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:32:06.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317572 | PHPGurukul Login and User Management System yesterday-reg-users.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317572"
},
{
"name": "VDB-317572 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317572"
},
{
"name": "Submit #620608 | PHPGurukul User Registration \u0026 Login and User Management System 3.3 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.620608"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/secfake/mycve/issues/3"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-25T08:55:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul Login and User Management System yesterday-reg-users.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8158",
"datePublished": "2025-07-25T13:32:06.411Z",
"dateReserved": "2025-07-25T06:50:36.746Z",
"dateUpdated": "2025-07-25T13:52:12.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}