AI description
CVE-2025-4941 is a vulnerability found in PHPGurukul Credit Card Application Management System 1.0. It involves an SQL injection flaw within the file `/admin/index.php`. Specifically, the `username` argument can be manipulated to inject SQL commands. This vulnerability can be exploited remotely and does not require authentication. Public exploits and technical details are available. The attack technique is classified as T1505 by the MITRE ATT&CK project.
- Description: A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
- Source: cna@vuldb.com
- NVD status: Analyzed
- Products: credit_card_application_management_system
CVSS 4.0
- Type: Secondary
- Base score: 6.9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Secondary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score: Not currently trending
CVE-2025-4941 - Trend ZDI analyst @hosselot details the Firefox bug used at #Pwn2Own Berlin by Manfred Paul. Includes root cause analysis and video demo. https://t.co/OEY3e4YEpQ
@thezdi
15 Jul 2025
🔴 PHPGurukul Credit Card Management System, SQL Injection, #CVE-2025-4941 (Critical) https://t.co/kDJaIyV5cX
@dailycve
28 May 2025
CVE-2025-4941 A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /a… https://t.co/PMahn8Usog
@CVEnew
19 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpgurukul:credit_card_application_management_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0BFAAD8-0306-420B-B06D-F23D04AB2072"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]